PIS API specific documentation Single SCA Payments
Changes from the previous version
This is the change log of the PIS API (Single SCA payments), allowing PSD2-regulated TPPs to initiate and confirm payments on behalf of the PSU within a single strong customer authentication (SCA), in this case the Nordea Business customer. The top most item is the latest change and the API changes described in it are relative to the version directly below. The current version of the API is 4.7.
Note: In order to keep integrity with domestic and SEPA payments, single SCA payments starting service version is 4.0
Version 4.7
- DKK instant/express payments flow is enhanced with additional validations
- Creditor message up to 140 characters length
- Creditor name is mandatory and max length is 70 char
- Amount limit for express payment
- SEPA credit transfer has been enhanced with instant payment functionality. As part of it
- “urgency = express” is supported at payment initiation
- Maximum length for creditor name has been increased to 70 char for express payments
Version 4.6
Support for the Confirmation of availability of funds has been added. Please refer to the Confirmation of availability of funds section.
Version 4.5
The implementation in sandbox is extended with the support for single SCA cross border payments in Norway.
Version 4.4
The following functionalities will be available in production API.
- Single SCA payments for domestic transfer in Sweden and Norway
- 4-eyes payment confirmation for single SCA domestic payments in Sweden, Denmark and Norway
- Single SCA salary/pension payments in Sweden and Norway
The implementation in sandbox is extended with the support for single SCA cross border payments in Denmark, Sweden and Finland.
Created
- POST
/v4/payments/crossborder/singlesca
Version 4.3
Single SCA payments for domestic transfer in Denmark is available in production API. The implementation in sandbox is extended with the support for,
- Single SCA own transfer payments in Finland, Sweden, Denmark and Norway
- Single SCA salary/pension payments in Sweden and Norway
- 4-eyes payment confirmation for single SCA payments in Denmark
Created
- POST
/v4/payments/domestic/owntransfer/singlesca - POST
/v4/payments/sepa/owntransfer/singlesca - POST
/v4/payments/domestic/salarypension/singlesca
Version 4.2
Single SCA same day payments for SEPA credit transfer in Finland is available in production API. The implementation in sandbox is extended with the support for single SCA domestic payments in Denmark, Sweden and Norway.
Created
- POST
/v4/payments/domestic/singlesca
Version 4.1
This release still supports single SCA payments only for SEPA credit transfer in Finland and only in sandbox. The implementation is extended for due dated payments, in addition to same day payment. This release also supports GET payment details/list and DELETE payment for single SCA payments.
Version 4.0
Created
- POST
/v4/payments/sepa/singlesca
Note: We have implemented new endpoint for single SCA payments due to separation of data model.
The initial release supports single SCA payments only for SEPA credit transfer in Finland and only in sandbox. The initial release does not support GET payment details/list and DELETE payment for single SCA payments. Single SCA payments is not implemented in production API as yet.
Overview
The PIS API for single SCA payments can be used to initiate and confirm payments within a single strong customer authentication.
This API supports POST HTTP method only. Check status of payments, deletions and second confirmation can be done via the /payments/sepa endpoints for SEPA payments, /payments/domestic for domestic payments, and /payments/crossborder for cross border payments. However, single SCA payments have to be initiated via this service, else they will be treated as normal 2 SCA payments.
In single SCA, the TPP is expected to send all the payment information to the bank without using any existing consents. The bank then validates the payment details, captures the payment and initiates payment signing within the same session. The one and only SCA that the user provides is when the payment is signed. In sandbox, the single SCA payment doesn’t require a strong authentication.
When the TPP hits the signing URL that is returned in the response, the action will trigger further processes without actual signing from the end user. This process is specific to sandbox, as the end user SCA is not possible. In real production environment, the end user will perform the SCA using the signing link and successful signing will trigger further processes. At the end of successful processing,
- The same day payments are updated as ‘Paid’.
- Due dated payments are updated as ‘Confirmed’.
- Processing status and the auth_code will be returned in the TPP call back URL.
TPP is responsible for exchanging auth_code for an access token while the auth_code is still valid by invoking POST /v5/authorize/token end point. In response, the TPP receives a pair of tokens (access token and refresh token) with specific scope for single SCA payments. With this access token, only single SCA payments can be handled.
With the single SCA access token, TPP can get payment list, get single payment details, delete payment and do the second confirmation in case of 4-eyes confirmation via the /payments/sepa for SEPA, /payments/domestic for domestic, and /payments/crossborder for cross border endpoints. TPP needs to use the external_id provided while initiating the single SCA payment, in the place of payment ID. If payment ID is still used, API would not be able to fetch the payment. This API has similar request model as sepa/domestic/crossborder, but with limited set of properties dedicated to single SCA payments. Service comes with a set of limitations:
- no urgency property (get executed instantly at provided ‘requested execution date’)
- only one payment can be initiated at a time
- only one payment can be confirmed at a time
In Sandbox: Note that sandbox accepts all creditor account numbers, i.e. payments might be initiated to not existing, but valid account numbers.
Single SCA own transfer payments
Own transfer payments can also be initiated by using the single SCA path by invoking the end point “POST /v4/payments/sepa/owntransfer/singlesca” or “POST /v4/payments/domestic/owntransfer/singlesca”. Own transfer payments in general do not require confirmation. However, when an own transfer payment is initiated via single SCA API, a SCA is required as part of customer authorization.
In case the user or the debtor account is set with 4-eyes permission, in certain case (For example, in Denmark), second confirmation is needed from the co-signer to execute the own transfer payment. In such case, the second signer shall confirm the payment using the regular payments confirm end point “PUT /v4/payments/domestic/confirm”. Please refer to the 4-eyes confirmation section below to understand the flow better.
In sandbox, own transfer payments are immediately confirmed or paid upon initiation, if the execution date is the future date or the current business date respectively.
Single SCA salary and pension payments
Salary payments in Sweden and Norway, and Pension payments in Sweden can be initiated and confirmed by invoking the end point “POST /v4/payments/domestic/salarypension/singlesca”.
In case the user or the debtor account is set with 4-eyes permission, second confirmation is needed from the co-signer to execute the salary/pension payment. In such case, the second signer shall confirm the payment using the regular payments confirm end point “PUT /v4/payments/domestic/confirm”. Please refer to the 4-eyes confirmation section below to understand the flow better.
In sandbox, the salary/pension payment is immediately confirmed or paid upon activation of the signing URL, if the execution date is the future date or the current business date respectively.
4-eyes confirmation
If the user or the debtor account used in the single SCA payment has 4-eyes permission, then the payment will be initiated and partially confirmed within the single SCA. This means that the payment initiation and the confirmation from the first co-signer are done together.
The TPP can see the status of the payment as “PartiallyConfirmed” in the payment details. The second co-signer can see and confirm single SCA payments only by having a single SCA specific access token. If the second co-signer do not have a single SCA access token already, then the TPP can get a new single SCA access token by invoking the authorization API with scope as “PAYMENTS_SINGLE_SCA”. Refer to Business Access Authorization API documentation for more details on getting a new single SCA access token. The second co-signer can use the regular payments confirm end point “PUT /v4/payments/{payment-type}/confirm” to co-sign the payment.
Note that 4-eyes confirmation flow is not available in sandbox. Therefore, the payment is immediately confirmed or paid upon activation of the signing URL, if the execution date is the future date or the current business date respectively.
API endpoints
The PIS API contains the following endpoint:
| Endpoint | Supported HTTP Methods |
|---|---|
/payments/sepa/singlesca | POST |
/payments/domestic/singlesca | POST |
/payments/sepa/owntransfer/singlesca | POST |
/payments/domestic/owntransfer/singlesca | POST |
/payments/domestic/salarypension/singlesca | POST |
/payments/crossborder/singlesca | POST |
The endpoints /payments/sepa/{paymentId} , /payments/domestic/{paymentId} , /payments/crossborder/{paymentId} can be used to query payment details by payment id, and it supports only GET HTTP method. The payment id is the must be defined in the external_id defined by the TPP while initiating the single SCA payment.
Full request and response example for the single SCA end point can be seen on examples section below.
Nordea payment type field combinations
| Endpoint (/payments/.) | Nordea Type | FI | SE | DK | NO | Comments | debtor.account_type | creditor.account_type | .amount (mandatory, max. value) | .currency | .creditor.message | .name (of beneficiary | .reference.value | .reference_type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| /domestic | Domestic account transfer | X | ”PGNR" | "BBAN_SE” | 99 999 999 999,99 | ”SEK” | optional (max. 12) | optional | N/A | N/A | ||||
| /domestic | Domestic account transfer | X | If reference is supplied, then message is not applicable, and vice versa. | ”BBAN_DK” or “IBAN" | "BBAN_DK” | 9 999 999 999,99 | ”DKK” | optional (max. 40) | N/A | optional | ”RF” | |||
| /domestic | Domestic account transfer (With/Without advice) | X | If comment is added, it is considered to be With advice. | ”BBAN_NO" | "BBAN_NO” | 9 999 999,99 | ”NOK” | optional, see comment (max. 140) | optional | N/A | N/A | |||
| /domestic | KID | X | ”BBAN_NO" | "BBAN_NO” | 9 999 999,99 | ”NOK” | N/A | mandatory | mandatory | ”OCR” | ||||
| /domestic | BankGiro | X | If OCR reference and value is supplied, then message is not applicable, and vice versa. Some accounts have OCR reference as mandatory as per request of the creditor. | ”PGNR" | "BGNR” | 99 999 999 999,99 | ”SEK” | optional (max. 150) | N/A | optional | ”OCR” | |||
| /domestic | PlusGiro | X | If OCR reference and value is supplied, then message is not applicable, and vice versa. Some accounts have OCR reference as mandatory as per request of the creditor. | ”PGNR" | "PGNR” | 99 999 999 999,99 | ”SEK” | optional (max. 25) | mandatory | optional | ”OCR” | |||
| /domestic | Giro | X | Transfer form for Denmark. | ”BBAN_DK” or “IBAN" | "GIRO_DK” | 9 999 999,99 | ”DKK” | only for 01, 73 and 75 (max. 105) | N/A | mandatory for 04, 15, 71 and 75 others N/A | ”01”, “04”, “15”, “71”, “73” or “75” | |||
| /sepa | SEPA | X | FI uses SEPA for domestic payments as well | ”IBAN" | "IBAN” | 999 999 999,99 | ”EUR” | optional (max. 140) | mandatory | mandatory | ”INVOICE” or “RF” | |||
| /sepa/owntransfer | SEPA own transfer | X | ”IBAN" | "IBAN” | 999 999 999,99 | ”EUR” | optional (max. 140) | N/A | N/A | N/A | ||||
| /domestic/owntransfer | Domestic own transfer | X | ”BBAN_DK” or “IBAN" | "BBAN_DK” | 9 999 999 999,99 | ”DKK” or foreign currency | optional (max. 40) | N/A | N/A | N/A | ||||
| /domestic/owntransfer | Domestic own transfer | X | ”PGNR” or “BBAN_SE" | "PGNR” or “BBAN_SE” | 9 999 999 999,99 | ”SEK” or foreign currency | optional (max. 12) | N/A | N/A | N/A | ||||
| /domestic/owntransfer | Domestic own transfer | X | ”BBAN_NO" | "BBAN_NO” | 9 999 999 999,99 | ”NOK” | optional (max. 140) | N/A | N/A | N/A | ||||
| /domestic/salarypension | Domestic salary/pension | X | ”PGNR” or “BGNR" | "BBAN_SE” | 9 999 999 999,99 | ”SEK” | optional (max. 12) | optional | N/A | N/A | ||||
| /domestic/salarypension | Domestic salary/pension | X | ”BBAN_NO" | "BBAN_NO” | 9 999 999 999,99 | ”NOK” | optional (max. 140) | optional | optional | ”OCR” | ||||
| /crossborder | cross-border payment | X | ”PGNR" | "BBAN_SE” or “IBAN” | 99 999 999 999,99 | ”AED”,“AUD”,“BDT”,“BGN”,“CAD”,“CHF”,“CNH”,“CNY”,“CZK”,“DKK”,“EGP”,“EUR”,“GBP”,“HKD”,“HRK”,“HUF”,“IDR”,“ILS”,“INR”,“ISK”,“JOD”,“JPY”,“KES”,“KRW”,“KWD”,“KZT”,“LKR”,“MAD”,“MXN”,“NOK”,“NZD”,“PHP”,“PKR”,“PLN”,“QAR”,“RON”,“RSD”,“SAR”,“SEK”,“SGD”,“THB”,“TND”,“TRY”,“USD”,“ZAR” | Mandatory for FI (max. 140) | Mandatory | N/A | N/A | ||||
| /crossborder | cross-border payment | X | ”LBAN" | "LBAN_DK” or “IBAN” | 99 999 999 999,99 | ”AED”,“AUD”,BGN”,“CAD”,“CHF”,“CNH”,“CNY”,“CZK”,“DKK”, “EUR”, “GBP”, “HKD”,“HRK”,“HUF”,“ILS”,“INR”,“ISK”,“JOD”,” JPY”,“KES”, “KRW”,“KWD”,“KZT”,“MAD”,“MXN”,“NOK”,“NZD”,“PHP”, “PKR”,“PLN”,“RON”,“RSD”,“SAR”,“SEK”,“SGD”,“THB”,“TND”,“TRY”,“USD”,“ZAR” | Mandatory for FI (max. 140) | Mandatory | N/A | N/A | ||||
| /crossborder | cross-border payment | X | ”IBAN" | "BBAN” or “IBAN” | 99 999 999 999,99 | ”AED”,“AUD”,BGN”,“CAD”,“CHF”,“CNH”,“CNY”,“CZK”,“DKK”, “EUR”, “GBP”, “HKD”,“HRK”,“HUF”,“ILS”,“INR”,“ISK”,“JOD”,” JPY”,“KES”, “KRW”,“KWD”,“KZT”,“MAD”,“MXN”,“NOK”,“NZD”,“PHP”, “PKR”,“PLN”,“RON”,“RSD”,“SAR”,“SEK”,“SGD”,“THB”,“TND”,“TRY”,“USD”,“ZAR” | Mandatory for FI (max. 140) | Mandatory | N/A | N/A |
Confirmation of availability of funds
The given functionality gives TPP the possibility to confirm the availability of funds - so that TPP can decide to either further process, cancel and/or sign the payment or not.
Two new optional parameters have been added:
- “request_availability_of_funds” (request)
- “availability_of_funds” (response)
Countries in scope: DK, SE, FI, NO.
Payment initiation
Not available for the SSCA payment initiation.
Get payment details
Sandbox:
- If SSCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is not being specified in request header and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set based on the actual check that verifies the payment amount against the available balance on the account.
- If SSCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is specified as: “FundsAvailable” in request header and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set to “true”.
- If SSCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and Sandbox scenario is specified as: “FundsNotAvailable” in request header and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set to “false”.
Production:
- If SSCA get payment details endpoint is available and the request contains the new field: “request_availability_of_funds” set to “true” and payment status is not: “InsufficientFunds”, “Rejected”, “Paid” or “Unknown” - when the endpoint is invoked, then the get payment details response will be returned with new field: “availability_of_funds” that is set based on the actual check that verifies the payment amount against the available balance on the account.
The examples of Confirmation of availability of funds can be found in this documentation under: PIS API DENMARK single SCA examples section.
PIS API Finland single SCA examples
Finland: Payment initiation and confirmation in single SCA - SEPA
This example shows how to initiate single SCA payments in FI
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/sepa/singlesca
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/sepa/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "no",
"redirect_uri": "string",
"state": "string"
},
"payment": {
"amount": "4.20",
"creditor":
{
"account": {
"_type": "IBAN",
"currency": "EUR",
"value": "FI4514323000205187"
},
"message": "SBX FI SCA 19",
"name": "Prashant K SBX FI SCA"
},
"currency": "EUR",
"debtor":
{
"account": {
"_type": "IBAN",
"currency": "EUR",
"value": "FI5815793000105406"
},
"message": "PK Single SCA M19"
},
"external_id":"d630b00a-227c-474e-8d20-1fc2b7141fdc"
}
}
And the response looks like this:
"group_header": {
"message_identification": "prgl447iti8f15cg",
"creation_date_time": "2023-05-19T11:32:18.406244235Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_fi&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=6v91dW6H4IIhD5Pw3g_yY3BZhycNsxoXTcQRT7yPgTQ&scope=openid+ndf+agreement&state=c2lnbmluZ19vcmRlcl9pZD05MGM3ODk1OC1lOTdiLTQyNzItODJhNS1iMjFhZmIyNmNjOGUmc3RhdGVfaWQ9N2E0YTEzMDEtYTExNi00OTE1LTkwZTAtMTE2MGI1NDNkODNm&signing_order_id=90c78958-e97b-4272-82a5-b21afb26cc8e"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Finland: GET single SCA payment
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/sepa/Pra8-Kina-23-July-27
This endpoint supports GET HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/sepa/Pra8-Kina-23-July-27' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
The response looks like:
{
"group_header": {
"message_identification": "k1pqmludq5sirvdo",
"creation_date_time": "2023-07-27T11:01:47.350672603Z",
"http_code": 200
},
"response": {
"_id": "2e7a87df-8dc2-4f0a-8568-adad77cf98d2",
"external_id": "Pra8-Kina-23-July-27",
"entry_date_time": "2023-07-27T10:55:49.10492683Z",
"debtor": {
"account": {
"value": "FI5815793000105406",
"_type": "IBAN",
"currency": "EUR"
}
},
"creditor": {
"account": {
"value": "FI4514323000205187",
"_type": "IBAN",
"currency": "EUR"
},
"message": "SBX Dev01 Verif"
},
"amount": "3.74",
"currency": "EUR",
"payment_status": "Paid",
"tpp_messages": [],
"_links": [
{
"rel": "self",
"href": "/v4/payments/sepa/2e7a87df-8dc2-4f0a-8568-adad77cf98d2"
}
],
"planned_execution_date": "2023-07-27",
"requested_execution_date": "2023-07-27",
"payment_type": "SEPA",
"single_sca": true
}
}
Finland: Payment initiation and confirmation in single SCA - SEPA own transfer
This example shows how to initiate single SCA payments in FI
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/sepa/owntransfer/singlesca
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/sepa/owntransfer/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment": {
"amount": "4.99",
"currency": "EUR",
"debtor": {
"account": {
"_type": "IBAN",
"currency": "EUR",
"value": "FI5815793000105406"
}
},
"creditor": {
"account": {
"_type": "IBAN",
"currency": "EUR",
"value": "FI9111473285268344"
},
"message": "Test mess"
},
"external_id": "MK-2024050301"
}
}
And the response looks like this:
"group_header": {
"message_identification": "9xkahkvkhi14dv0b",
"creation_date_time": "2024-05-03T10:58:33.868772371Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_fi&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDEmY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=FGMIgDmOqq9ip9I5NSYg9DetFr8gyEvYNOZajsFi&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Finland: Payment initiation and confirmation in single SCA - CROSSBORDER
This example shows how to initiate cross border single SCA payments in FI
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://httpbin.org",
"state": "string"
},
"payment":{
"amount": 1.5,
"charge_paid_by": "shared",
"creditor": {
"bank": {
"country": "DK",
"bic": "NDEADKKK",
"name": "Nordea"
},
"account": {
"_type": "IBAN",
"value": "DK2020001544660914",
"currency": "DKK"
},
"address":
{
"line1": "DK Bank",
"line2": "Nordea Bank Abp",
"line3": "DK"
},
"message": "SBX-Dev01",
"name": "SSK Cr"
},
"currency": "DKK",
"debtor": {
"account": {
"_type": "IBAN",
"value": "FI3815903000105518",
"currency": "EUR"
},
"name": "SSK Dr"
},
"external_id": "12072024ab-1",
"requested_execution_date":"2024-07-15",
"end_to_end_identification": "End to end identification"
}
}
And the response looks like this:
"group_header": {
"message_identification": "yco42yxzmhje7f6v",
"creation_date_time": "2024-07-12T08:01:24.834998213Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_fi&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPTEyMDcyMDI0YWItMSZjbGllbnRfaWQ9NGYwN2Q1NWEtOTk1Ni00NjEzLWJhNjMtMzFlMmM0N2RjMDJh&nonce=zLZDOnqmtxugAg3dlxzlCmxu3LtfDLYBUHvgg7GQ&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
PIS API DENMARK single SCA examples
Denmark: Payment initiation and confirmation in single SCA - DOMESTIC
This example shows how to initiate single SCA payments in DK
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment": {
"amount": "2.6",
"creditor": {
"account": {
"_type": " BBAN_DK",
"currency": "DKK",
"value": "23001544660914"
},
"message": "Valida OBISME 2063",
"name": ""
},
"currency": "DKK",
"debtor": {
"account": {
"_type": "BBAN_DK",
"currency": "DKK",
"value": "23001544657247"
},
"message": "DK OBISME 2063"
},
"requested_execution_date":"2024-01-09",
"external_id": "08012024-15"
}
}
And the response looks like this:
"group_header": {
"message_identification": "261bfb12fdcd5d42",
"creation_date_time": "2024-01-08T10:22:50.052300379Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://nasa.nd.test.nordea.com?client_id=9bEcYm2jLBXrzpPKR48v&code_challenge_method=S256&redirect_uri=https://open.dev01.qaoneadr.local/business/v4/payments/sign/callback&response_type=code&code_challenge=vxkrbljp9NmHQvjmXIIQI82lQ6VY2JMGOhckm-K_9PE&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPTA4MDEyMDI0LTE1JmNsaWVudF9pZD1mODhmYmE5Zi01ZWRkLTRhOTAtOGM2Yy0wNGExMmNlMWIxZmQ&nonce=u4Z9n1rdUb7vLXPaIsk2VEAnUmP0VxOgwUynuT4Y&login_hint=REDIRECT&signing_token=eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.LY0912q_xx2HrtHSaNBRp5lnStwGg4Y-YKJ6pdVF5TThUo_NcfouuslYv5L8hgfwRemV58D5j373sLxAjD_IoVVKDJzYf99tsGztiaw9kGr7_ptycbU9XT3zGbbky118LTGJhsk9psrFfvsiX8wqaPFrO9lED67DEJj_UHVdp2tmc9Db2vr0umufLZd5meng2UUeMUqmBPKjUiA1sZszHCmFRfve5QkahwZNmFRTGEVl6K1F0pQnfzR6vm9i5_M7ck07yxYPenoQkosL5pqR04MiSBqzEQ-RiLHR213hVuwp_eSRanGAvnkoofOwjU0Qy654_pWeynVyDk1XCBHHHg.8FAIKi7Uel35FJK8._EL2_yD0_7mc51tXQOIEJuAaxDcqXbHQ68Mqc0QZOopyr04Qe_0DKh6VljlfQ9631xSGxyFNRTHHl4fDzeSiPp6nGDb_Twt5euByIQTMfLQjs5ctZwu9V8GZ3-6O4h66rsbSIfZDunghH8bevWF9t7YtP3Amc-TpJmsbEdajoS3MTfJR9RnXlLovwcQmMx19MJj6FZj-tE_ZyAb_DD_R5gr7OKb0xxbr2urOgi2Hvoyc3r4VjtQfuhLlIJiw5Ax-EE146TfYy1w41qq3y8O02tWmbOiGP3FdmBpR78pGEBV26NKmHvFppzj6I-NS3cxzqCpHVfI-lEV0AAiQQsML_07WJoaZQofGpgW2PPwAmzPo-KEea23MNT_fRYbRn_m9tj9PHgU9Tn8RBkR9WN_i-a8pjtCJWzIlV5jziLQoO4opvUXB32jH0RnFmXG35IvUmUU5QaCHk6taWdl5cjmYc4wCDspv94T6Z_RQUewKoOY6A1LlRlBEHGeWVT_WGGTT_KtW-fG-HOw7Nrs87WPCfVwwlHnF5RS7A9YZRIxoBMaegw8KMpHaR84JfO1bzRgMvBw-rtyapFGKX9YeZrC9kXQRBAwPOHB4WFE5sbKT0h-m1J92lfAu1x9Sj_f9Qg3JldUxTYUgfgq-MTpqnB_KMKrQCKs_yQhYrFQKoygk1TqHrE5VKVRPRAiXRugiGg3CELGUK9xVaV8Q6ls57zyHiMnaJ_ru2jKy57yLtv8NH1mKMFt4YnH15_Tb_mVtOmWMef5XSw1fjsW-0I9BSb7TemspUMTQyHQM64SfPcSXx_NeWwtIWpTKlwapX7bcfuv-UKMTFbwRMEW4uSEnjJk8MkWOWyf4vkKBliM-gkaje4tBDVg1kJrDdcwe5TnZOll2crfVFl6aZeGlXTuKiy01sUdMesXlwrIeV7TErYUQjCv4fCjgeVluMlZXsyNkru2uTv-flxCeD0Td-ZmZ8ccIaYCJ1U7SWb39TQ3xg-OlxryVusNfImBQEMLFwI1-gXhS9GCpvFPp-3aMl1sVGidiR4PGExrWA7O7F9SCOAg0lLAWdeTdONBAznW19cp0PdcahyfiJ6OB4ZT4wv0Ud6TEiuEbUyRuoGorUScD0TsSRf5mvWhJlofNsQenni7o5S8oSnl_V4XeSUG_e6yv2IS-31dcGOwn0k-rAnr_uTlid7waJoMN-DGtAVdhxfQmb_XPOFHajQgGBJTRoG_tJdryB5rhkNqUTuYBCQCVPwu3t3uBD2V2NcRfmjNJ8eKNRXopDUEw_1talcxyb_pgp_RGolZYw7N_41uwEyoxyAYHqbirApCum8jPynySh2Tk_YEhxKYbLkXSinyLdYaZSYXNP_cmdHrOZZyiPK1dEsV_Gyc9wETaGnaidhzm211RJwJg7UIW-rzQs9nhun8x4IfPdgoDi5a7lgJU-89405NZFLHo7nxM9OUgvFs4PHQQTvrehvMfH1D6_jSnAmEStXgD7aaaSoqeJaUhtgdHL5kOJM9R4Hke3i6F41nsJi-fXPe8GDFYqMnsSvmi8GnJHhKcyfVfv4txMJm7Hz5p9pr7nq-eWTOc5sxKx86g7LYppBDfXu10mSATfq6rj0JOngnm1RIjDCnpp0HtIeolUMM0LY5O4yNAU8uotXlpRpirBUWsU0vexCFJH-tXqIbxFaLR-nHfLaTiY2MXZtUNvjpmTMpn-SH1uo_PL9my8gOVhQV9J7jLJ1Xfajm4Jd91-NHaAfwUeLS7DyGmOIN4eZpUS9t_ALTNv7leF0-X2GxeFzgN2lt5HmfH3qHJYjrG_8zVhGEhl41hTCoDgWBfMZmjwSeacAxWJA96gz68CjtYpoaQOCG_XcmyULL9aSUYX0z_e1OPAdwt93l2BJ_Iw2kOrqWG6ksqvmIpxws26K8e1LgrnAT12TdlpjJPzysAc6AXR_d3iVL-dxBEa8IR4RjlJLtpnFXJKVjPVznr1S24W99JsaUzv8QXK0TTPgfGsdtnT2foCvUSKTdLB3CD7jN7EjgrxiaxZ84qN1V4fYUcNrjLpDui0Hgzb_F1E8fq-oawrPbbXAKrbMLV4TJUDyNTkBPN73oKIk8wkgS3lOplUjb-EtShoayFOg0Coj0ra9W8rZI-pno_z3tV42ZuHZGUN26x2ARZUCoIUooxaHKI0k-kn1RjtZroisCCI-bPpWNAfpGMGWKQo1BSXqSLCT-wzsR1gvFNaPevE8QS1cDGn-YjG_R0Upa31vWXQf1CLne8PImceuAAh6P4fNjEm7slxD7927vyFu8za8kJF1v6BY62Pg178HNvK0aAG2sA36JRWBigKZFNEnIIgaES3s0V3fzO1N_P5FSWIctNDzOPSK5QYlriVJuKBLvjCSX8ohSySzViNWdU_qzeEcc5DPrCTpueuEdrwFA8eK8kj1FZZ8DvnUKXI_Tl8Aqv8hpidFiW9Vtpfqn1C313Zyn_kODnu35peGbsZSEbg-psq-HzBaROZ8zFWqnGOx1sGtyFUx8d4gl2ZjcCSBOMZnW81tL233-IK_0.6DEk-elLhhOdteTvhGv3HA&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Denmark: GET single SCA payment
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/da9c5b0c-dd0f-41b9-8cff-4bb3e95721dc
This endpoint supports GET HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/da9c5b0c-dd0f-41b9-8cff-4bb3e95721dc' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
The response looks like:
"group_header": {
"message_identification": "1ffcf6416dc7bd40",
"creation_date_time": "2024-01-08T10:24:14.368264057Z",
"http_code": 200
},
"response": {
"_id": "da9c5b0c-dd0f-41b9-8cff-4bb3e95721dc",
"external_id": "08012024-15",
"entry_date_time": "2024-01-08T10:22:50.026076Z",
"debtor": {
"account": {
"value": "23001544657247",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "DK OBISME 2063"
},
"creditor": {
"account": {
"value": "23001544660914",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "Valida OBISME 2063"
},
"amount": "2.6",
"currency": "DKK",
"payment_status": "Confirmed",
"tpp_messages": [],
"_links": [
{
"rel": "self",
"href": "/v4/payments/domestic/da9c5b0c-dd0f-41b9-8cff-4bb3e95721dc"
}
],
"planned_execution_date": "2024-01-09",
"urgency": "sameday",
"requested_execution_date": "2024-01-09",
"payment_type": "DOMESTIC",
"requires_second_channel_confirmation": false,
"single_sca": true
Here is an example request when Confirmation of availability of funds is used:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/da9c5b0c-dd0f-41b9-8cff-4bb3e95721dc?request_availability_of_funds=true'\
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
And here is how the response looks like with Confirmation of availability of funds:
"group_header": {
"message_identification": "1ffcf6416dc7bd40",
"creation_date_time": "2024-01-08T10:24:14.368264057Z",
"http_code": 200
},
"response": {
"_id": "da9c5b0c-dd0f-41b9-8cff-4bb3e95721dc",
"external_id": "08012024-15",
"entry_date_time": "2024-01-08T10:22:50.026076Z",
"debtor": {
"account": {
"value": "23001544657247",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "DK OBISME 2063"
},
"creditor": {
"account": {
"value": "23001544660914",
"_type": "BBAN_DK",
"currency": "DKK"
},
"message": "Valida OBISME 2063"
},
"amount": "2.6",
"currency": "DKK",
"payment_status": "Confirmed",
"tpp_messages": [],
"_links": [
{
"rel": "self",
"href": "/v4/payments/domestic/da9c5b0c-dd0f-41b9-8cff-4bb3e95721dc"
}
],
"planned_execution_date": "2024-01-09",
"urgency": "sameday",
"requested_execution_date": "2024-01-09",
"payment_type": "DOMESTIC",
"requires_second_channel_confirmation": false,
"single_sca": true,
"availability_of_funds": false
Denmark: Payment initiation and confirmation in single SCA - DOMESTIC Own transfer
This example shows how to initiate single SCA own transfer payments in DK
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/owntransfer/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/owntransfer/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment": {
"amount": "4",
"currency": "DKK",
"debtor": {
"account": {
"_type": "BBAN_DK",
"currency": "DKK",
"value": "20001545785605"
},
"message": "standard"
},
"creditor": {
"account": {
"_type": "BBAN_DK",
"currency": "DKK",
"value": "20001545768360"
},
"message": "Test message"
},
"external_id": "MK-2024050302"
}
}
And the response looks like this:
"group_header": {
"message_identification": "mmbpbqa6tk9zszmc",
"creation_date_time": "2024-05-03T11:06:06.05495712Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_dk&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDImY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=p9RZ11kSEierKgDobFCDon8MLsAiESNTNDjTda8s&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Denmark: Payment initiation and confirmation in single SCA - CROSSBORDER
This example shows how to initiate cross border single SCA payments in DK
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://httpbin.org",
"state": "string"
},
"payment": {
"amount": 1.46,
"creditor": {
"bank": {
"country": "FI",
"bic": "NDEAFIHH",
"name": "Nordea Bank Abp"
},
"account": {
"_type": "IBAN",
"value": "FI1350001520000081",
"currency": "EUR"
},
"message": "SBX-Dev01",
"name": "SSK Cr",
"address": {
"line1": "FI Bank",
"line2": "Bank building extension",
"line3": "FI"
}
},
"currency": "EUR",
"debtor": {
"account": {
"_type": "BBAN_DK",
"value": "20001545785605",
"currency": "DKK"
},
"message": "Own message",
"name": "SSK Dr"
},
"external_id": "12072024ab-2",
"requested_execution_date": "2024-07-15",
"end_to_end_identification": "End to end identification"
}
}
And the response looks like this:
"group_header": {
"message_identification": "0fhb3hcbzftd9xnn",
"creation_date_time": "2024-07-12T08:16:13.334561394Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_dk&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPTEyMDcyMDI0YWItMiZjbGllbnRfaWQ9NGYwN2Q1NWEtOTk1Ni00NjEzLWJhNjMtMzFlMmM0N2RjMDJh&nonce=Dliwu9FmSZv7C3HET5157e9p0B3URAJqkMn78SrP&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
PIS API SWEDEN single SCA examples
Sweden: Payment initiation and confirmation in single SCA - DOMESTIC
This example shows how to initiate single SCA payments in SE
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment":
{
"amount": "3.33",
"currency": "SEK",
"debtor": {
"account": {
"_type": "PGNR",
"currency": "SEK",
"value": "9637042"
},
"message": "Ownmessage"
},
"creditor": {
"account": {
"_type": "BBAN_SE",
"currency": "SEK",
"value": "13370233835"
},
"message": "Test mess",
"name": "Test name"
},
"external_id": "MK-2024050303"
}
}
And the response looks like this:
"group_header": {
"message_identification": "jgxf0za2xp1zuq4j",
"creation_date_time": "2024-05-03T11:16:16.07919683Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDMmY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=kvQpFZLxJjN2plnXRb6O88tVvAXZpzcyEVLRZ3K5&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token. For GET, DELETE and CONFIRM, regular domestic endpoints can be used.
Sweden: Payment initiation and confirmation in single SCA - DOMESTIC Own transfer
This example shows how to initiate single SCA own transfer payments in SE
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/owntransfer/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/owntransfer/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment":
{
"amount": "3.33",
"currency": "SEK",
"debtor": {
"account": {
"_type": "PGNR",
"currency": "SEK",
"value": "9637042"
},
"message": "Ownmessage"
},
"creditor": {
"account": {
"_type": "BBAN_SE",
"currency": "SEK",
"value": "41350000155"
},
"message": "Test mess"
},
"external_id": "MK-2024050304"
}
}
And the response looks like this:
"group_header": {
"message_identification": "mwh2dkzrptk0mzxu",
"creation_date_time": "2024-05-03T11:18:05.019437474Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDQmY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=Oh6S14ZB9WO9AHcJzReynS4Qd3pGHC2wbdGIUoFZ&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Sweden: Payment initiation and confirmation in single SCA - DOMESTIC Salary/pension
This example shows how to initiate single SCA salary/pension payments in SE
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/salarypension/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/salarypension/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment":
{
"amount": "3.33",
"currency": "SEK",
"debtor": {
"account": {
"_type": "PGNR",
"currency": "SEK",
"value": "9637042"
},
"message": "Ownmessage"
},
"creditor": {
"account": {
"_type": "BBAN_SE",
"currency": "SEK",
"value": "13370233835"
},
"message": "Test mess",
"name": "Test name"
},
"external_id": "MK-2024050305",
"payment_type": "salary"
}
}
And the response looks like this:
"group_header": {
"message_identification": "vgojww3t2h4zb97n",
"creation_date_time": "2024-05-03T11:20:01.906194394Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDUmY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=1r0q9chXdTMt1cstPv0ScVwutgG87DkEhlsojn7s&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Sweden: Payment initiation and confirmation in single SCA - CROSSBORDER
This example shows how to initiate cross border single SCA payments in SE
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://httpbin.org",
"state": "string"
},
"payment": {
"amount": 1.3,
"charge_paid_by": "shared",
"creditor": {
"bank": {
"country": "DK",
"bic": "NDEADKKK",
"name": "Nordea"
},
"account": {
"_type": "IBAN",
"value": "DK2020001544660914",
"currency": "DKK"
},
"address": {
"line1": "DK Bank",
"line2": "Nordea Bank Abp"
},
"message": "SBX-Dev01",
"name": "SSK Cr"
},
"currency": "DKK",
"debtor": {
"account": {
"_type": "PGNR",
"value": "50501055",
"currency": "SEK"
},
"message": "Own message",
"name": "SSK Dr"
},
"external_id": "12072024ab-3",
"requested_execution_date": "2024-07-15",
"end_to_end_identification": "End to end identification"
}
}
And the response looks like this:
"group_header": {
"message_identification": "410mpsltd0jjf0fm",
"creation_date_time": "2024-07-12T08:24:32.956802444Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPTEyMDcyMDI0YWItMyZjbGllbnRfaWQ9NGYwN2Q1NWEtOTk1Ni00NjEzLWJhNjMtMzFlMmM0N2RjMDJh&nonce=cqxt6zEuasHhGQufHEyKq0sK6rjwBTgoWouhnUY6&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
PIS API NORWAY single SCA examples
Norway: Payment initiation and confirmation in single SCA - DOMESTIC
This example shows how to initiate single SCA payments in NO
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment":
{
"amount": "3.33",
"currency": "NOK",
"debtor": {
"account": {
"_type": "BBAN_NO",
"currency": "NOK",
"value": "61735686908"
},
"message": "Ownmessage"
},
"creditor": {
"account": {
"_type": "BBAN_NO",
"currency": "NOK",
"value": "60030505428"
},
"message": "Test mess",
"name": "Test name"
},
"external_id": "MK-2024050306"
}
}
And the response looks like this:
"group_header": {
"message_identification": "gf7y5l6d3nf49m4n",
"creation_date_time": "2024-05-03T11:25:59.620266311Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDYmY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=xtaZMnFgbzGL3CnGegbSr1y46nXlNWCw51pCYLBg&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token. For GET, DELETE and CONFIRM, regular domestic endpoints can be used.
Norway: Payment initiation and confirmation in single SCA - DOMESTIC Own transfer
This example shows how to initiate single SCA own transfer payments in NO
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/owntransfer/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/owntransfer/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment":
{
"amount": "3.33",
"currency": "NOK",
"debtor": {
"account": {
"_type": "BBAN_NO",
"currency": "NOK",
"value": "61735686908"
},
"message": "Ownmessage"
},
"creditor": {
"account": {
"_type": "BBAN_NO",
"currency": "NOK",
"value": "60010099902"
},
"message": "Test mess",
"name": "Test name"
},
"external_id": "MK-2024050307"
}
}
And the response looks like this:
"group_header": {
"message_identification": "4rfpw8i5a6lfl0gs",
"creation_date_time": "2024-05-03T11:27:07.122935888Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDcmY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=bs6QkvHjIdboGrOePoy6zA7Nqsg8IlnUlG67jBKf&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Norway: Payment initiation and confirmation in single SCA - DOMESTIC Salary/pension
This example shows how to initiate single SCA salary/pension payments in NO
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/domestic/salarypension/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/domestic/salarypension/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "string"
},
"payment":
{
"amount": "3.33",
"currency": "NOK",
"debtor": {
"account": {
"_type": "BBAN_NO",
"currency": "NOK",
"value": "61735686908"
},
"message": "Ownmessage"
},
"creditor": {
"account": {
"_type": "BBAN_NO",
"currency": "NOK",
"value": "60030505428"
},
"message": "Test mess",
"name": "Test name"
},
"external_id": "MK-2024050308",
"payment_type": "salary"
}
}
And the response looks like this:
"group_header": {
"message_identification": "faqdkyqqp0805f00",
"creation_date_time": "2024-05-03T11:28:42.310557642Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://sandbox-business-obh.esp.rs.dev01.qaoneadr.local/v4/payments/domestic/sign/callback&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPU1LLTIwMjQwNTAzMDgmY2xpZW50X2lkPTRmMDdkNTVhLTk5NTYtNDYxMy1iYTYzLTMxZTJjNDdkYzAyYQ&nonce=ioA6SJ5Rnksm7lxwmNi9Z8UgflcB3dqmTAr4OwDT&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}
Auth_code is returned to the TPP at the end of successful processing. TPP is responsible to exchange the auth_code for the access token.
Norway: Payment initiation and confirmation in single SCA - CROSSBORDER
This example shows how to initiate cross border single SCA payments in NO
This endpoint URL has the following form
https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca/
This endpoint supports POST HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/business/v4/payments/crossborder/singlesca' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"authentication_method": "REDIRECT",
"language": "en",
"redirect_uri": "
https://httpbin.org"
,
"state": "string"
},
"payment": {
"amount": 1.45,
"creditor": {
"bank": {
"country": "FI",
"bic": "NDEAFIHH",
"name": "Nordea Bank Abp"
},
"account": {
"_type": "IBAN",
"value": "FI1350001520000081",
"currency": "EUR"
},
"message": "SBX-Dev01",
"name": "YP",
"address": {
"line1": "DK Bank",
"line2": "Bank building extension",
"line3": "DK",
"line4": "DK"
}
},
"currency": "EUR",
"debtor": {
"account": {
"_type": "BBAN_NO",
"value": "60398620634",
"currency": "NOK"
},
"message": "val payment list",
"name": "YP Test"
},
"external_id": "17-09-2024-03",
"requested_execution_date": "2024-09-29",
"end_to_end_identification": "End to end identification"
}
}
And the response looks like this:
"group_header": {
"message_identification": "755ed6cfc7030a26a5300c5c221cb1df",
"creation_date_time": "2024-09-17T12:50:45.409164026Z",
"http_code": 201
},
"errors": [],
"response": {
"_links": [
{
"rel": "signing",
"href": "https://api.dev.nordeaopenbanking.com/business/nasa-mock?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https://example.com&response_type=code&code_challenge=vseaqQLvZPg64iTcMml02V-DF7UxqUqgcn1ugOFf-Es&scope=openid+ndf+agreement&state=c3NjYV9wYXltZW50X2lkPTE3LTA5LTIwMjQtMDMmY2xpZW50X2lkPTUxMGE5MWM5LThmN2UtNDQ0Zi1iZWE4LWMwMDA5YjM4MzdiYw&nonce=6FzM2sZmjWxyQloSxcVrje4roCoo1boGKpsG4lLH&login_hint=REDIRECT&signing_token=DummySignedToken&ui_locales=en"
}
]
}
}