API Market documentation

PIS API specific documentation

Changes from the previous version

This is the change log of the PIS API for Single SCA, allowing PSD2-regulated TPPs to initiate payments on behalf of the PSU. The top most item is the latest change and the API changes described in it are relative to the version directly below.

Version 1.0

Endpoints added.

/v1/payments/authorization/sepa-credit-transfer
/v1/payments/authorization/domestic-credit-transfer (SE only for now, DK and NO will come later)
/v1/payments/<externalId>/status

Overview

Payment Initiation Services (PIS) API for Single SCA consists only of three endpoints, two for initiation of a SEPA or domestic payment, and one to get the status of the payment.

Note: As per specified in the API Reference, this service only allows IBAN-IBAN bank transfers in local currency without reference details.

API endpoints

The PIS API for Single SCA contains the following endpoints:

Endpoint	Supported HTTP Methods
`/payments/authorization/sepa-credit-transfer`	POST
`/payments/authorization/domestic-credit-transfer`	POST
`/payments/{externalId}/status`	GET

After the payment is initiated by POST request to this endpoint, it will be available by doing GET /status request to this endpoint which returns the status of the payment. There are no payment details available in /status only the payment status.

Note: Neither of these services requires the usual access token, only a signature and other headers. This also applies to production.

sandbox only

In Sandbox: Note that the `payment_status` of payment will be updated from 'Not found' to Paid/Rejected by activating the signing link supplied in the payment initiation request. The link looks different from production and only mocks the signing process.

PIS API scenarios for Single SCA

There are no scenarios available in this PIS API.

PIS API for Single SCA examples Finland

Finland: initiate a new payment

In this example, we initiate a new payment.

Note: There is no requested execution date in the request. Only today’s payments can be initiated. Also no recurrence for this payment type. If the payment is initiated after local cut-off times, then payment will be rejected.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/authorization/sepa-credit-transfer

This endpoint supports POST method only.

Here is an example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/authorization/sepa-credit-transfer' -i -X POST \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'digest: <generated_digest>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>' \
    -H 'Content-Type: application/json; charset=UTF-8' \
    -d '{
"payment":
{
    "amount": 19.99,
    "currency": "EUR",
    "creditor":
    {
        "account":
        {
            "value": "FI5211123500024978",
            "currency": "EUR"
        },
        "name": "Beneficiary name",
        "message": "Message to beneficiary"
    },
    "debtor":
    {
        "account":
        {
            "currency": "EUR",
            "value": "FI6915723500036470"
        }
    },
    "merchant": "shopname",
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f6"
},
"authentication":
{
    "state": "state",
    "redirect_uri": "https://www.nordea.com",
    "authentication_method": "MTA"
}
 
}'

And the sample response looks like this:

{
  "group_header": {
    "message_identification": "b5b3e9196e715429",
    "creation_date_time": "2020-12-21T15:15:02.740006Z",
    "http_code": 201
  },
  "response": {
    "_links": [
      {
        "rel": "redirect",
        "href": "https://<nordeasigninghost>?client_id=Rsf9OPDHmnLy2Sfyr4UF&code_challenge_method=S256&redirect_uri=https%3A%2F%2F<nordeapaymentgateway>%2Fv1%2Fpayments%2Fauthorization%2Fcallback&response_type=code&code_challenge=KUBvaOzl8Q1afr0jwDy8165CxYKoheRox6hbznf3zqA&scope=openid+ndf+agreement&state=03db409f-280f-452a-9d62-c79779e159d4&nonce=bDkNOHcmIZuRQ1erohU6gDlL9MiArJfMqxEFGNj3&login_hint=card_rdr&signing_token=eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.tv-IL1mxnvAx5QxS6KsfA4nSKAmt5CFrQW8fhismTwsvFmnXrDV3xX4HxFf9c0V9__Uq-jM1umUm6fFNdjEywswjRhwZbMUyZxhx693fwY9M6FB9AV7Rayf_dovDscyXLSudoiOmQGewxo-EhEHa9jNtJu_X2femG3ZDvak4NRva7E9ns0z0yWbMOKQkrBmZdgiWZv55IaW2HnZ151Xz82L8AruMDborxOQ-ongAHQ8RBjQJ6pGY_xfkwSBsddqTLUWifShaRZE09shFfhC77uCtEtqI06G5HHn57f_cx1YSYgHiW7A4ygw9d_zh611JXjZbL0Bz0qw2k89sC6pFVg.t-iziBzWDErYoFe3.wGy9iMfyRSpLMRtfruWYhBVU9OY0jPULFUYfsYulF5ogaoTIFGM-MF2DA8X06asbI-HmqLVcbcexLTjBmAwCf1T-aVF_xvNwOkAgX3iKMi10cPp9eLTazDkKUGk3tHiDh7crDOlum78E0ppdO2sIhOEN01W221Mb9IqrRlWesPAtG7A3-xo1Sm2IYjhwRPNaxWpfxsoD4210tvWakRJ6bDRCQmeMDM8xazRvBGxpECSgSPBE6ruDy8C-XcPekE6v4lKZbSVhOQb21nQDxMpjzCMlB2gEkDnO9rU7b9kOS6YZqQMX1NkVp8aPiKrk46A6tg07Dm_1ACHWjLF2lLhibhZ8SqFUZaojpX-gkmiCvl8QW1kVLdDShgJoVLMQ7sohn9U--bsXozC0mSHHooTT5MD-mf6ye9AbXic7YZRhMrnvKLnTTSKqVeWg_zDB9IVQ-2hBxTQP8PXHjE08YbfUZKW64kG0aeR-KPSg9KTRspye3dK6g_WRl0JQXvui2-L6jX5dG-uL9T5dRk74uIOpkKH_UfyVrwGEELvnxW2j5fhBpQWT0hE8VIX7sk64epZ5zBXvhG5v0qb9CvIKKAcp_NGif7VCr9iZEF84e8d5HzHqUiBMyDXrv1GJsoo0eOYGJlFPg80WRk_XuARZQ99NAqB0IxDsWsM0oO236-SmOa2f8Di3qml-V7jnlRjOvXwq8IVfWoCVl_0S3r4zt0gmNaIaPP7Hf1wCDmeIuOFJyBqJdrFAQIuzVAE7st5bWXpfbO7PhSUj_IAsjP3PxbAsrsgBC4qkMALSI0ugk5kF-7oJhfAhLq_xg18CtKGGLP4zGJc2OnwJJLjgUbq05BQT8fbpzL7_e0pcIXow9Inx9VuHc2nQlZkCd-oP2P25hGPteh4Hsl3X6mPPEpv4vF_Fs1HcwnU_pL6GK1sW0legKqE817h0dO9PrVubmh3syljKS8Ux8RE897k-NaoV3s6O9wLyAlJJmrnXHY_gPTsQUdfSOze-os_Ayqk4vuVVz-7roYa3L0eveqNV4vooy9Ic4bdU4IgLTx3-FOGBuPRWXzMYV0bqwOv2aLMDHZlbYPFcvaxqteJAE_IBEUfuxbSSKe2duSKBMShLjOCO127tfE9XOulavLrwphAUDDI3GVa1tWdSElZYFKdr9PgVe_maUVMrgpde_USccJUa4zzwIUtfXopuvMFuUcn14fN_toZXgsUuME_jzW0kR_K_bC6I8FVFVfXY-Wd6BrGShRi71c0DORzhR_8JtUDwhzU2ouqs5PtAwY_i1zCij18syjH7gwXbX_cUmb1D0mR6y9CErWN8_TxG3VreuhQClmxw8p2FYtliMveccL5NTU4ASFFTeYycDlRIAUrcUvVGtGwPmh_4jfO063Trq6vBivqGNDryAMM8SKpSZX-b2xd6sZyvdvO9qtsdiq2dAd-yVdKfhlWWYZodIYnHHl9g1KzdFYGl9g3UexlTIW87yolxqyxay6-FN9470U7qDT6NqS6XJGnOk71X-3kQ5ID-5PRaIAsXXuJfS-_5kDlZXoZyZwWZ3jolANnKpgO6tRfoyh3QJjquU8drKbrektbnYSHFooe0xz_OvoRp2LCVEzFfZVKEm120OOcXASnXk-jygMz0uskSOj_bisVPmU5KXQ9G2Y8JvqY1Q8ub_mOcOrXTNJZ3iL8_ZbKpydMsWAk2PuvEXKPNcGo4xeKAcm2cMcnI6OV9M9zyfRy1hfSGQjVblql4lBULEA7k8kUy0RkHUklT5qqvVcQVGpsRkty8vtRwAuBRMXJxffUjE7R7L2-98sbHwX1nWesOZX_Jao7OZoJpketNvcELZrtIxS7H9BPymcJQS1S8Y2sXbxkmoSgTnQ3oC0fNG18tCkIQUnJz.TcMQzybGgNludlr3r_fP6Q"
      },
      {
        "rel": "status",
        "href": "/v1/payments/e1fb7276-1955-43fe-acbb-cee0214be6f1/status"
      }
    ]
  }
}

Finland: get payment status

This example shows how to query payment status.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status

This endpoint supports GET HTTP Method only.

Here is an example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status' -i -X GET \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>'

And here is how the response looks:

{
  "group_header": {
    "message_identification": "92de1dca04f7b77a",
    "creation_date_time": "2021-01-07T08:27:48.995481Z",
    "http_code": 200
  },
  "response": {
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f1",
    "status": "Paid"
  }
}

Note that before the signing url has been called, the payment does not exists yet, it means the payment signing process has to be started by you and your customer.

PIS API for Single SCA examples Denmark

Denmark: initiate a new payment

In this example, we initiate a new payment.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/authorization/domestic-credit-transfer

This endpoint supports POST method only.

Here is an example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/authorization/domestic-credit-transfer' -i -X POST \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'digest: <generated_digest>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>' \
    -H 'Content-Type: application/json; charset=UTF-8' \
    -d '{
"payment":
{
    "amount": 25.00,
    "currency": "DKK",
    "creditor":
    {
        "account":
        {
            "value": "DK6620008095627545",
            "currency": "DKK"
        },
        "name": "Beneficiary name",
        "message": "Message to beneficiary"
    },
    "debtor":
    {
        "account":
        {
            "currency": "DKK",
            "value": "DK4320004394581416"
        }
    },
    "merchant": "shopname",
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f6"
},
"authentication":
{
    "state": "state",
    "redirect_uri": "https://www.nordea.com"
}
 
}'

Note: Leave authentication_method out as this is not ready for Denmark yet. We are waiting for MitID to be rolled out, which also means that Denmark will be the last country in production.

And the sample response looks like this:

{
  "group_header": {
    "message_identification": "b5b3e9196e715429",
    "creation_date_time": "2020-12-21T15:15:02.740006Z",
    "http_code": 201
  },
  "response": {
    "_links": [
      {
        "rel": "redirect",
        "href": "https://<nordeasigninghost>?client_id=Rsf9OPDHmnLy2Sfyr4UF&code_challenge_method=S256&redirect_uri=https%3A%2F%2F<nordeapaymentgateway>%2Fv1%2Fpayments%2Fauthorization%2Fcallback&response_type=code&code_challenge=KUBvaOzl8Q1afr0jwDy8165CxYKoheRox6hbznf3zqA&scope=openid+ndf+agreement&state=03db409f-280f-452a-9d62-c79779e159d4&nonce=bDkNOHcmIZuRQ1erohU6gDlL9MiArJfMqxEFGNj3&login_hint=card_rdr&signing_token=eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.tv-IL1mxnvAx5QxS6KsfA4nSKAmt5CFrQW8fhismTwsvFmnXrDV3xX4HxFf9c0V9__Uq-jM1umUm6fFNdjEywswjRhwZbMUyZxhx693fwY9M6FB9AV7Rayf_dovDscyXLSudoiOmQGewxo-EhEHa9jNtJu_X2femG3ZDvak4NRva7E9ns0z0yWbMOKQkrBmZdgiWZv55IaW2HnZ151Xz82L8AruMDborxOQ-ongAHQ8RBjQJ6pGY_xfkwSBsddqTLUWifShaRZE09shFfhC77uCtEtqI06G5HHn57f_cx1YSYgHiW7A4ygw9d_zh611JXjZbL0Bz0qw2k89sC6pFVg.t-iziBzWDErYoFe3.wGy9iMfyRSpLMRtfruWYhBVU9OY0jPULFUYfsYulF5ogaoTIFGM-MF2DA8X06asbI-HmqLVcbcexLTjBmAwCf1T-aVF_xvNwOkAgX3iKMi10cPp9eLTazDkKUGk3tHiDh7crDOlum78E0ppdO2sIhOEN01W221Mb9IqrRlWesPAtG7A3-xo1Sm2IYjhwRPNaxWpfxsoD4210tvWakRJ6bDRCQmeMDM8xazRvBGxpECSgSPBE6ruDy8C-XcPekE6v4lKZbSVhOQb21nQDxMpjzCMlB2gEkDnO9rU7b9kOS6YZqQMX1NkVp8aPiKrk46A6tg07Dm_1ACHWjLF2lLhibhZ8SqFUZaojpX-gkmiCvl8QW1kVLdDShgJoVLMQ7sohn9U--bsXozC0mSHHooTT5MD-mf6ye9AbXic7YZRhMrnvKLnTTSKqVeWg_zDB9IVQ-2hBxTQP8PXHjE08YbfUZKW64kG0aeR-KPSg9KTRspye3dK6g_WRl0JQXvui2-L6jX5dG-uL9T5dRk74uIOpkKH_UfyVrwGEELvnxW2j5fhBpQWT0hE8VIX7sk64epZ5zBXvhG5v0qb9CvIKKAcp_NGif7VCr9iZEF84e8d5HzHqUiBMyDXrv1GJsoo0eOYGJlFPg80WRk_XuARZQ99NAqB0IxDsWsM0oO236-SmOa2f8Di3qml-V7jnlRjOvXwq8IVfWoCVl_0S3r4zt0gmNaIaPP7Hf1wCDmeIuOFJyBqJdrFAQIuzVAE7st5bWXpfbO7PhSUj_IAsjP3PxbAsrsgBC4qkMALSI0ugk5kF-7oJhfAhLq_xg18CtKGGLP4zGJc2OnwJJLjgUbq05BQT8fbpzL7_e0pcIXow9Inx9VuHc2nQlZkCd-oP2P25hGPteh4Hsl3X6mPPEpv4vF_Fs1HcwnU_pL6GK1sW0legKqE817h0dO9PrVubmh3syljKS8Ux8RE897k-NaoV3s6O9wLyAlJJmrnXHY_gPTsQUdfSOze-os_Ayqk4vuVVz-7roYa3L0eveqNV4vooy9Ic4bdU4IgLTx3-FOGBuPRWXzMYV0bqwOv2aLMDHZlbYPFcvaxqteJAE_IBEUfuxbSSKe2duSKBMShLjOCO127tfE9XOulavLrwphAUDDI3GVa1tWdSElZYFKdr9PgVe_maUVMrgpde_USccJUa4zzwIUtfXopuvMFuUcn14fN_toZXgsUuME_jzW0kR_K_bC6I8FVFVfXY-Wd6BrGShRi71c0DORzhR_8JtUDwhzU2ouqs5PtAwY_i1zCij18syjH7gwXbX_cUmb1D0mR6y9CErWN8_TxG3VreuhQClmxw8p2FYtliMveccL5NTU4ASFFTeYycDlRIAUrcUvVGtGwPmh_4jfO063Trq6vBivqGNDryAMM8SKpSZX-b2xd6sZyvdvO9qtsdiq2dAd-yVdKfhlWWYZodIYnHHl9g1KzdFYGl9g3UexlTIW87yolxqyxay6-FN9470U7qDT6NqS6XJGnOk71X-3kQ5ID-5PRaIAsXXuJfS-_5kDlZXoZyZwWZ3jolANnKpgO6tRfoyh3QJjquU8drKbrektbnYSHFooe0xz_OvoRp2LCVEzFfZVKEm120OOcXASnXk-jygMz0uskSOj_bisVPmU5KXQ9G2Y8JvqY1Q8ub_mOcOrXTNJZ3iL8_ZbKpydMsWAk2PuvEXKPNcGo4xeKAcm2cMcnI6OV9M9zyfRy1hfSGQjVblql4lBULEA7k8kUy0RkHUklT5qqvVcQVGpsRkty8vtRwAuBRMXJxffUjE7R7L2-98sbHwX1nWesOZX_Jao7OZoJpketNvcELZrtIxS7H9BPymcJQS1S8Y2sXbxkmoSgTnQ3oC0fNG18tCkIQUnJz.TcMQzybGgNludlr3r_fP6Q"
      },
      {
        "rel": "status",
        "href": "/v1/payments/e1fb7276-1955-43fe-acbb-cee0214be6f6/status"
      }
    ]
  }
}

Denmark: get payment status

This example shows how to query payment status.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status

This endpoint supports GET HTTP Method only.

Here is an example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status' -i -X GET \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>'

And here is how the response looks:

{
  "group_header": {
    "message_identification": "92de1dca04f7b77a",
    "creation_date_time": "2021-01-07T08:27:48.995481Z",
    "http_code": 200
  },
  "response": {
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f6",
    "status": "Paid"
  }
}

Note that before the signing url has been called, the payment does not exists yet, it means the payment signing process has to be started by you and your customer.

PIS API for Single SCA examples Sweden

Sweden: initiate a new payment

In this example, we initiate a new payment.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/authorization/domestic-credit-transfer

This endpoint supports POST method only.

And here is example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/authorization/domestic-credit-transfer' -i -X POST \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'digest: <generated_digest>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>'
    -H 'Content-Type: application/json; charset=UTF-8' \
    -d '{
"payment":
{
    "amount": 29.00,
    "currency": "SEK",
    "creditor":
    {
        "account":
        {
            "value": "SE4130000000030960045082",
            "currency": "SEK"
        },
        "name": "Beneficiary name",
        "message": "Message to beneficiary"
    },
    "debtor":
    {
        "account":
        {
            "currency": "SEK",
            "value": "SE1030000000030960045058"
        }
    },
    "merchant": "shopname",
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f7"
},
"authentication":
{
    "state": "state",
    "redirect_uri": "https://www.nordea.com",
    "authentication_method": "CARD_RDR"
}
 
}'

And the response looks like this:

{
  "group_header": {
    "message_identification": "b5b3e9196e715429",
    "creation_date_time": "2020-12-21T15:15:02.740006Z",
    "http_code": 201
  },
  "response": {
    "_links": [
      {
        "rel": "redirect",
        "href": "https://<nordeasigninghost>?client_id=Rsf9OPDHmnLy2Sfyr4UF&code_challenge_method=S256&redirect_uri=https%3A%2F%2F<nordeapaymentgateway>%2Fv1%2Fpayments%2Fauthorization%2Fcallback&response_type=code&code_challenge=KUBvaOzl8Q1afr0jwDy8165CxYKoheRox6hbznf3zqA&scope=openid+ndf+agreement&state=03db409f-280f-452a-9d62-c79779e159d4&nonce=bDkNOHcmIZuRQ1erohU6gDlL9MiArJfMqxEFGNj3&login_hint=card_rdr&signing_token=eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.tv-IL1mxnvAx5QxS6KsfA4nSKAmt5CFrQW8fhismTwsvFmnXrDV3xX4HxFf9c0V9__Uq-jM1umUm6fFNdjEywswjRhwZbMUyZxhx693fwY9M6FB9AV7Rayf_dovDscyXLSudoiOmQGewxo-EhEHa9jNtJu_X2femG3ZDvak4NRva7E9ns0z0yWbMOKQkrBmZdgiWZv55IaW2HnZ151Xz82L8AruMDborxOQ-ongAHQ8RBjQJ6pGY_xfkwSBsddqTLUWifShaRZE09shFfhC77uCtEtqI06G5HHn57f_cx1YSYgHiW7A4ygw9d_zh611JXjZbL0Bz0qw2k89sC6pFVg.t-iziBzWDErYoFe3.wGy9iMfyRSpLMRtfruWYhBVU9OY0jPULFUYfsYulF5ogaoTIFGM-MF2DA8X06asbI-HmqLVcbcexLTjBmAwCf1T-aVF_xvNwOkAgX3iKMi10cPp9eLTazDkKUGk3tHiDh7crDOlum78E0ppdO2sIhOEN01W221Mb9IqrRlWesPAtG7A3-xo1Sm2IYjhwRPNaxWpfxsoD4210tvWakRJ6bDRCQmeMDM8xazRvBGxpECSgSPBE6ruDy8C-XcPekE6v4lKZbSVhOQb21nQDxMpjzCMlB2gEkDnO9rU7b9kOS6YZqQMX1NkVp8aPiKrk46A6tg07Dm_1ACHWjLF2lLhibhZ8SqFUZaojpX-gkmiCvl8QW1kVLdDShgJoVLMQ7sohn9U--bsXozC0mSHHooTT5MD-mf6ye9AbXic7YZRhMrnvKLnTTSKqVeWg_zDB9IVQ-2hBxTQP8PXHjE08YbfUZKW64kG0aeR-KPSg9KTRspye3dK6g_WRl0JQXvui2-L6jX5dG-uL9T5dRk74uIOpkKH_UfyVrwGEELvnxW2j5fhBpQWT0hE8VIX7sk64epZ5zBXvhG5v0qb9CvIKKAcp_NGif7VCr9iZEF84e8d5HzHqUiBMyDXrv1GJsoo0eOYGJlFPg80WRk_XuARZQ99NAqB0IxDsWsM0oO236-SmOa2f8Di3qml-V7jnlRjOvXwq8IVfWoCVl_0S3r4zt0gmNaIaPP7Hf1wCDmeIuOFJyBqJdrFAQIuzVAE7st5bWXpfbO7PhSUj_IAsjP3PxbAsrsgBC4qkMALSI0ugk5kF-7oJhfAhLq_xg18CtKGGLP4zGJc2OnwJJLjgUbq05BQT8fbpzL7_e0pcIXow9Inx9VuHc2nQlZkCd-oP2P25hGPteh4Hsl3X6mPPEpv4vF_Fs1HcwnU_pL6GK1sW0legKqE817h0dO9PrVubmh3syljKS8Ux8RE897k-NaoV3s6O9wLyAlJJmrnXHY_gPTsQUdfSOze-os_Ayqk4vuVVz-7roYa3L0eveqNV4vooy9Ic4bdU4IgLTx3-FOGBuPRWXzMYV0bqwOv2aLMDHZlbYPFcvaxqteJAE_IBEUfuxbSSKe2duSKBMShLjOCO127tfE9XOulavLrwphAUDDI3GVa1tWdSElZYFKdr9PgVe_maUVMrgpde_USccJUa4zzwIUtfXopuvMFuUcn14fN_toZXgsUuME_jzW0kR_K_bC6I8FVFVfXY-Wd6BrGShRi71c0DORzhR_8JtUDwhzU2ouqs5PtAwY_i1zCij18syjH7gwXbX_cUmb1D0mR6y9CErWN8_TxG3VreuhQClmxw8p2FYtliMveccL5NTU4ASFFTeYycDlRIAUrcUvVGtGwPmh_4jfO063Trq6vBivqGNDryAMM8SKpSZX-b2xd6sZyvdvO9qtsdiq2dAd-yVdKfhlWWYZodIYnHHl9g1KzdFYGl9g3UexlTIW87yolxqyxay6-FN9470U7qDT6NqS6XJGnOk71X-3kQ5ID-5PRaIAsXXuJfS-_5kDlZXoZyZwWZ3jolANnKpgO6tRfoyh3QJjquU8drKbrektbnYSHFooe0xz_OvoRp2LCVEzFfZVKEm120OOcXASnXk-jygMz0uskSOj_bisVPmU5KXQ9G2Y8JvqY1Q8ub_mOcOrXTNJZ3iL8_ZbKpydMsWAk2PuvEXKPNcGo4xeKAcm2cMcnI6OV9M9zyfRy1hfSGQjVblql4lBULEA7k8kUy0RkHUklT5qqvVcQVGpsRkty8vtRwAuBRMXJxffUjE7R7L2-98sbHwX1nWesOZX_Jao7OZoJpketNvcELZrtIxS7H9BPymcJQS1S8Y2sXbxkmoSgTnQ3oC0fNG18tCkIQUnJz.TcMQzybGgNludlr3r_fP6Q"
      },
      {
        "rel": "status",
        "href": "/v1/payments/e1fb7276-1955-43fe-acbb-cee0214be6f7/status"
      }
    ]
  }
}

Sweden: get payment status

This example shows how to query payment status.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status

This endpoint supports GET HTTP Method only. Here is an example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status' -i \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>'

And here is how the response looks like:

{
  "group_header": {
    "message_identification": "92de1dca04f7b77a",
    "creation_date_time": "2021-01-07T08:27:48.995481Z",
    "http_code": 200
  },
  "response": {
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f7",
    "status": "Paid"
  }
}

Note that before the signing url has been called, the payment does not exists yet, it means the payment signing process has to be started by you and your customer.

PIS API for Single SCA examples Norway

Norway: initiate a new payment

In this example, we initiate a new payment.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/authorization/domestic-credit-transfer

This endpoint supports POST method only.

Here is an example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/authorization/domestic-credit-transfer' -i -X POST \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'digest: <generated_digest>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>'
    -H 'Content-Type: application/json; charset=UTF-8' \
    -d '{
"payment":
{
    "amount": 54.00,
    "currency": "NOK",
    "creditor":
    {
        "account":
        {
            "value": "NO7360391598781",
            "currency": "NOK"
        },
        "name": "Beneficiary name",
        "message": "Message to beneficiary"
    },
    "debtor":
    {
        "account":
        {
            "currency": "NOK",
            "value": "NO9560391598773"
        }
    },
    "merchant": "shopname",
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f8"
},
"authentication":
{
    "state": "state",
    "redirect_uri": "https://www.nordea.com",
    "authentication_method": "BANKID_NO"
}
 
}'

And the response looks like this:

{
  "group_header": {
    "message_identification": "b5b3e9196e715429",
    "creation_date_time": "2020-12-21T15:15:02.740006Z",
    "http_code": 201
  },
  "response": {
    "_links": [
      {
        "rel": "redirect",
        "href": "https://<nordeasigninghost>?client_id=Rsf9OPDHmnLy2Sfyr4UF&code_challenge_method=S256&redirect_uri=https%3A%2F%2F<nordeapaymentgateway>%2Fv1%2Fpayments%2Fauthorization%2Fcallback&response_type=code&code_challenge=KUBvaOzl8Q1afr0jwDy8165CxYKoheRox6hbznf3zqA&scope=openid+ndf+agreement&state=03db409f-280f-452a-9d62-c79779e159d4&nonce=bDkNOHcmIZuRQ1erohU6gDlL9MiArJfMqxEFGNj3&login_hint=card_rdr&signing_token=eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.tv-IL1mxnvAx5QxS6KsfA4nSKAmt5CFrQW8fhismTwsvFmnXrDV3xX4HxFf9c0V9__Uq-jM1umUm6fFNdjEywswjRhwZbMUyZxhx693fwY9M6FB9AV7Rayf_dovDscyXLSudoiOmQGewxo-EhEHa9jNtJu_X2femG3ZDvak4NRva7E9ns0z0yWbMOKQkrBmZdgiWZv55IaW2HnZ151Xz82L8AruMDborxOQ-ongAHQ8RBjQJ6pGY_xfkwSBsddqTLUWifShaRZE09shFfhC77uCtEtqI06G5HHn57f_cx1YSYgHiW7A4ygw9d_zh611JXjZbL0Bz0qw2k89sC6pFVg.t-iziBzWDErYoFe3.wGy9iMfyRSpLMRtfruWYhBVU9OY0jPULFUYfsYulF5ogaoTIFGM-MF2DA8X06asbI-HmqLVcbcexLTjBmAwCf1T-aVF_xvNwOkAgX3iKMi10cPp9eLTazDkKUGk3tHiDh7crDOlum78E0ppdO2sIhOEN01W221Mb9IqrRlWesPAtG7A3-xo1Sm2IYjhwRPNaxWpfxsoD4210tvWakRJ6bDRCQmeMDM8xazRvBGxpECSgSPBE6ruDy8C-XcPekE6v4lKZbSVhOQb21nQDxMpjzCMlB2gEkDnO9rU7b9kOS6YZqQMX1NkVp8aPiKrk46A6tg07Dm_1ACHWjLF2lLhibhZ8SqFUZaojpX-gkmiCvl8QW1kVLdDShgJoVLMQ7sohn9U--bsXozC0mSHHooTT5MD-mf6ye9AbXic7YZRhMrnvKLnTTSKqVeWg_zDB9IVQ-2hBxTQP8PXHjE08YbfUZKW64kG0aeR-KPSg9KTRspye3dK6g_WRl0JQXvui2-L6jX5dG-uL9T5dRk74uIOpkKH_UfyVrwGEELvnxW2j5fhBpQWT0hE8VIX7sk64epZ5zBXvhG5v0qb9CvIKKAcp_NGif7VCr9iZEF84e8d5HzHqUiBMyDXrv1GJsoo0eOYGJlFPg80WRk_XuARZQ99NAqB0IxDsWsM0oO236-SmOa2f8Di3qml-V7jnlRjOvXwq8IVfWoCVl_0S3r4zt0gmNaIaPP7Hf1wCDmeIuOFJyBqJdrFAQIuzVAE7st5bWXpfbO7PhSUj_IAsjP3PxbAsrsgBC4qkMALSI0ugk5kF-7oJhfAhLq_xg18CtKGGLP4zGJc2OnwJJLjgUbq05BQT8fbpzL7_e0pcIXow9Inx9VuHc2nQlZkCd-oP2P25hGPteh4Hsl3X6mPPEpv4vF_Fs1HcwnU_pL6GK1sW0legKqE817h0dO9PrVubmh3syljKS8Ux8RE897k-NaoV3s6O9wLyAlJJmrnXHY_gPTsQUdfSOze-os_Ayqk4vuVVz-7roYa3L0eveqNV4vooy9Ic4bdU4IgLTx3-FOGBuPRWXzMYV0bqwOv2aLMDHZlbYPFcvaxqteJAE_IBEUfuxbSSKe2duSKBMShLjOCO127tfE9XOulavLrwphAUDDI3GVa1tWdSElZYFKdr9PgVe_maUVMrgpde_USccJUa4zzwIUtfXopuvMFuUcn14fN_toZXgsUuME_jzW0kR_K_bC6I8FVFVfXY-Wd6BrGShRi71c0DORzhR_8JtUDwhzU2ouqs5PtAwY_i1zCij18syjH7gwXbX_cUmb1D0mR6y9CErWN8_TxG3VreuhQClmxw8p2FYtliMveccL5NTU4ASFFTeYycDlRIAUrcUvVGtGwPmh_4jfO063Trq6vBivqGNDryAMM8SKpSZX-b2xd6sZyvdvO9qtsdiq2dAd-yVdKfhlWWYZodIYnHHl9g1KzdFYGl9g3UexlTIW87yolxqyxay6-FN9470U7qDT6NqS6XJGnOk71X-3kQ5ID-5PRaIAsXXuJfS-_5kDlZXoZyZwWZ3jolANnKpgO6tRfoyh3QJjquU8drKbrektbnYSHFooe0xz_OvoRp2LCVEzFfZVKEm120OOcXASnXk-jygMz0uskSOj_bisVPmU5KXQ9G2Y8JvqY1Q8ub_mOcOrXTNJZ3iL8_ZbKpydMsWAk2PuvEXKPNcGo4xeKAcm2cMcnI6OV9M9zyfRy1hfSGQjVblql4lBULEA7k8kUy0RkHUklT5qqvVcQVGpsRkty8vtRwAuBRMXJxffUjE7R7L2-98sbHwX1nWesOZX_Jao7OZoJpketNvcELZrtIxS7H9BPymcJQS1S8Y2sXbxkmoSgTnQ3oC0fNG18tCkIQUnJz.TcMQzybGgNludlr3r_fP6Q"
      },
      {
        "rel": "status",
        "href": "/v1/payments/e1fb7276-1955-43fe-acbb-cee0214be6f8/status"
      }
    ]
  }
}

Norway: get payment status

This example shows how to query payment status.

This endpoint URL has the following form:

https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status

This endpoint supports GET HTTP Method only.

Here is an example request:

$ curl 'https://api.nordeaopenbanking.com/personal/v1/payments/{externalId}/status' -i -X GET \
    -H 'X-Nordea-Originating-Host: <host>' \
    -H 'X-Nordea-Originating-Date: <now>' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer <access_token>' \
    -H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
    -H 'X-IBM-Client-Id: <your_client_id>' \
    -H 'X-IBM-Client-Secret: <your_client_secret>'

And here is how the response looks:

{
  "group_header": {
    "message_identification": "92de1dca04f7b77a",
    "creation_date_time": "2021-01-07T08:27:48.995481Z",
    "http_code": 200
  },
  "response": {
    "external_id": "e1fb7276-1955-43fe-acbb-cee0214be6f8",
    "status": "Paid"
  }
}

Note that before the signing url has been called, the payment does not exists yet, it means the payment signing process has to be started by you and your customer.

Payments API Own Transfers Payments API Single SCA v2