PIS API specific documentation
Changes from the previous version
This is the change log of the PIS API for Single SCA, allowing PSD2-regulated TPPs to initiate payments on behalf of the PSU. The top most item is the latest change and the API changes described in it are relative to the version directly below.
Version 2.8
SEPA credit transfer used in Finland, has been enhanced with instant payment functionality. As part of it
- “urgency = express” is supported at payment initiation
- The solution does not support due date -payments for express payments
- Maximum length for creditor name has been increased to 70 char for express payments
Maximum length for creditor name has been increased to 70 char for standard payments
Version 2.7
Single SCA v1 for PIS Personal has been deprecated.
Version 2.6
One new optional field has been added is_own_account_transfer. Field can have only True/False values. Attribute value can be True only if both debtor’s and creditor’s accounts are owned by same person and both accounts are Nordea accounts. If attribute is missing, payment will be handled same way than if attribute value is False. Remark: This option is available in Sweden, Denmark and Norway but not in Finland.
Removed ‘BI-WEEKLY’ recurring frequency for NO domestic payments.
Version 2.5
Recurring payment added to all four countries (DK, SE, NO, FI). The recurring payments - sometimes also known as standing order - information consist of two additional values; the ‘count’ and the ‘recurrence_type’.
The count has to be a minimum of 2, as the first payment is executed on the requested execution date as a normal payment, and creates another payment immediately afterwards. The number of payments remaining can be found in the count field if payment list or details are requested. It will decrease by 1 for each version of the payment that has been Paid. The normal maximum value for count is 98, but the number 9999 (four nines) is used to indicate an infinite series of identical payments that will not stop until deleted by the submitter. This special ‘count’ will not decrease with each Paid payment, and will continue to return the number 9999.
Note: Example to initiate recurring payment is added below in
Denmark: initiate recurring payment.Recurringblock is to be supplied in Initiate Payment similarly in other countries.
| recurrence_type | FI | SE | DK | NO | Description |
|---|---|---|---|---|---|
| DAILY | X | Every banking day | |||
| WEEKLY | X | X | Weekly, based on the day of the requested execution date (or the next banking day) | ||
| BIWEEKLY | X | Every 2 weeks on the weekday of the request execution date (or the next banking day). For Norway BIWEEKLY is only supported for the own account transfers. | |||
| MONTHLY_SAME_DAY | X | X | X | X | Monthly, based on the day of requested execution date (or the next banking day). For Sweden MONTHLY_SAME_DAY is not supported for the own account transfers. |
| MONTHLY_EOM | X | Monthly on the last banking day of the month | |||
| QUARTERLY_SAME_DAY | X | X | Every 3 months on the requested execution date (or the next banking day). | ||
| QUARTERLY_EOM | X | Every 3 months on the the last banking day of the month | |||
| TRI_ANNUALLY_SAME_DAY | X | Every 4 months on the requested execution date (or the next banking day) | |||
| SEMI_ANNUALLY_SAME_DAY | X | X | Every 6 months on the requested execution date (or the next banking day) | ||
| SEMI_ANNUALLY_EOM | X | Every 6 months on the the last banking day of the month | |||
| YEARLY_SAME_DAY | X | X | Once a year on the requested execution date (or the next banking day) | ||
| YEARLY_EOM | X | Once a year on the the last banking day of the month | |||
| EVERY_MINUTE_SANDBOX_ONLY | X | X | X | X | Testing in Sandbox only! Every minute, a recurrence of the payment will be Paid and the next occurrence created until the counter reaches 0. |
In Sandbox: We have added EVERY_MINUTE_SANDBOX_ONLY to `recurrence_type` for you to test the `count` and `status` of the payments in the sandbox. As confirmed payments in sandbox automatically gets `Paid` after a few second, the recurring payments will automatically run until the `count` reaches 0. Please avoid using 9999 too many times whilst testing, and EVERY_MINUTE_SANDBOX_ONLY is not accepted in production.
Version 2.4
Confirmation of Availability of Funds has been added for Single SCA to following endpoints
- / payments / domestic
- / payments / sepa
- / payments / cross-border-credit-transfers
- / payments / owntransfer
Two new optional fields have been added
- request_availability_of_funds
- availability_of_funds
Confirmation of Availability of Funds for Single SCA is available for version 3.
Version 2.3
New examples for Single SCAs added to the document due to that attribute “type” was shown as “_type”.
Version 2.2
The payment initial status has been corrected to PendingUserApproval.
Version 2.1
/v2/single-sca-paymentsis now available for all countries (FI (SEPA), DK, NO and SE)/v2/single-sca-payments/{paymentId}/statusis now available for all countries (note paymentId, not externalId)
We have also added to possibility to show all the details of a payment and to cancel the payment. Since a payment is initiated and signed with a single SCA (signature) by the PSU, you have not yet had the possibility to receive an access token for further calls to be made on said payment. Hence you have only had the option to ask for the (/v1) status of the payment, using your external reference, with very limited details to be shown. You will now receive an auth code on your call back service from the signing flow, which can be exchanged into a set of an access token and refresh token, using the auth services already used for 2SCA flow. These tokens are valid for all the active Single SCA initiated payments, but no more, as you do not have consent for the account itself, you will not be able to initiate new payments, nor get the 2SCA payment list with this token. Each time an auth code is exchanged for a new Single SCA token, the token will be valid for all the PSUs Single SCA active payments, but at the same time, the previous tokens are automatically revoked. So always use the latest token for all the payments. More on this topic is explained in the Help Centre article How to handle signing of payments using the single SCA endpoint.
Version 2.0
Payment types BankGiro (BGNR), PlusGiro (PGNR) for Sweden and KID payments for Norway added. For Denmark and Finland use /v1.
For (any) payment status use /v1.
Additional fields added (same functionality as from domestic payments): type, reference, urgency, and requested_execution_date
Endpoints added.
/v2/payments/authorization/sepa-credit-transfer/v2/payments/authorization/domestic-credit-transfer(SE only for now, DK and NO will come later)
Overview
Payment Initiation Services (PIS) API for Single SCA consists only of three endpoints, two for initiation of a SEPA or domestic payment.
Note: BBAN_SE payments for Sweden, as well as BankGiro and PlusGiro payments have been added. For Norway KID payments with reference type “OCR” is now available. Only in v2.
Note: The default urgency is normal.
Note: “urgency = express” is supported at payment initiation for Sepa Credit Transfer Finland
API endpoints
The PIS API for Single SCA contains the following endpoints:
| Endpoint | Supported HTTP Methods |
|---|---|
/payments/authorization/sepa-credit-transfer | POST |
/payments/authorization/domestic-credit-transfer | POST |
/single-sca-payments/ | DELETE |
/single-sca-payments/ | GET |
After the payment is initiated by POST request to this endpoint, it will be available by doing GET /status request to this endpoint which returns the status of the payment. There are no payment details available in /status only the payment status. Two new services have been added under /payments. Delete, equivalent to the 2SCA multiple delete service, and GET which would get the full details of a payment. Both new services require a bearer token as mentioned in the release notes.
In Sandbox: To confirm the payment, call the `/confirm` endpoint and subsequently activate the `signing_url` supplied. The received response is mocked and not valid for further processing.
PIS API scenarios for Single SCA
There are no scenarios available in this PIS API.
PIS API for Single SCA examples Denmark
Denmark: initiate a new payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer
This endpoint supports POST method only.
And here is example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payment": {
"amount": 14.24,
"currency": "DKK",
"urgency": "standard",
"requested_execution_date": "2023-03-07",
"creditor": {
"account": {
"value": "23001546147254",
"currency": "DKK",
"type": "BBAN_DK"
},
"message": "1831653108"
},
"debtor": {
"account": {
"currency": "DKK",
"value": "23001546139529",
"type": "BBAN_DK"
}
},
"external_id": "bbb441ff-d10d-44c5-a12a-1074a36edbc0",
"merchant": "Shoe shop"
},
"authentication": {
"state": "bbb441ff-d10d-44c5-a12a-1074a36edbc0",
"redirect_uri": "https://www.example.com"
}
}
'
And the response looks like this:
{
"group_header": {
"message_identification": "RKnzRFnCV7saDwgY",
"creation_date_time": "2022-08-15T08:56:58.513519Z",
"http_code": 201
},
"response": {
"_links": [
{
"rel": "redirect",
"href": "<nordeasigninghost>?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fsandbox-personal-obh.esp.rs.dev01.qaoneadr.local%2Fv4%2Fpayments%2Fsign%2Fcallback&response_type=code&code_challenge=y-WAp09TDqVpT_Jt-ScxYEWANNLPqMDv5lqZnhDh82E&scope=openid+ndf+agreement&state=cab8a12a-e71d-4cd8-99a4-531a69584820&nonce=lHPSuvf8ybET3mbeqR2L2S5XIhG5qTl8uOvsNUcG&login_hint=qr_rdr&signing_token=DummySignedToken"
},
{
"rel": "status",
"href": "/v2/single-sca-payments/bbb441ff-d10d-44c5-a12a-1074a36edbc0/status"
}
]
}
}
Denmark: get payment status
This example shows how to query payment status.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status
This endpoint supports GET HTTP Method only. Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "1IZVN0Nbx1mV4qgJ",
"creation_date_time": "2023-03-15T08:58:11.219529Z",
"http_code": 200
},
"response": {
"payment_id": "5a3f726e-1bd9-4d7f-a3e9-7c9c7e24e092",
"status": "PendingUserApproval"
}
}
Denmark: get payment details
This example shows how to query payment details.
Note: This call requires a bearer token.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}
This endpoint supports GET HTTP Method only. Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "ef006f1d250f68f00266ee1e0e9e2d44",
"creation_date_time": "2024-09-23T14:25:30.639023652Z",
"http_code": 200
},
"response": {
"payment_id": "e025a492-53dc-4fbc-98f0-3880a2d50512",
"amount": "14.24",
"currency": "DKK",
"debtor": {
"account": {
"type": "IBAN",
"value": "DK6120301544118028",
"currency": "DKK"
},
"message": "Debtor message"
},
"creditor": {
"account": {
"type": "IBAN",
"value": "DK1053930000412656"
},
"message": "Creditor Message"
},
"status": "Paid",
"requested_execution_date": "2024-09-23",
"planned_execution_date": "2024-09-23"
}
}
Here is how the request looks like when using Confirmation of Availability of Funds:
$ curl --location --request GET 'https://api.dev.nordeaopenbanking.com/personal/v3/single-sca-payments/' -i ?request_availability_of_funds=true' \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like with Confirmation of Availability of Funds:
{
"group_header": {
"message_identification": "2cd15f35b99b02a761c37def7e8d8040",
"creation_date_time": "2024-11-12T12:23:01.260185857Z",
"http_code": 200
},
"response": {
"payment_id": "051800e8-9664-43b3-8fcd-8e8f8bee618e",
"external_id": "someids178456",
"instructed_amount": {
"amount": "1.38",
"currency": "DKK"
},
"debtor": {
"account": {
"type": "IBAN",
"value": "DK6120301544118028",
"currency": "DKK"
}
},
"creditor": {
"account": {
"type": "IBAN",
"value": "DK1053930000412656",
"currency": "DKK"
},
"message": "Message to Ben"
},
"status": "Confirmed",
"requested_execution_date": "2024-11-13",
"planned_execution_date": "2024-11-13",
"availability_of_funds": "true"
}
}
Denmark: delete multiple payments
This example shows how to bulk delete payments. It is identical to the 2SCA multiple delete service, however, the bearer token is not the same.
Note: Not all payments are deletable (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments":[
{payment_id":"11d55648-8c1d-45e2-951a-69c5aeaed99j"},
{payment_id":"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba99j"}
]
}
And this is how the response looks like:
{
"group_header":
{
"message_identification": "a42c1707dd444505",
"creation_date_time": "2023-03-11T10:11:12.134Z",
"http_code": 200
},
"response": [
"11d55648-8c1d-45e2-951a-69c5aeaed99j",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba99j"
],
"errors": []
}
Denmark: initiate recurring payment
In this example, we initiate a Recurring payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer
This endpoint supports POST method only.
And here is example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "test"
},
"payment": {
"amount": "0.01",
"creditor": {
"account": {
"currency": "DKK",
"type": "IBAN",
"value": "DK2023001546147386"
},
"message": "Pay 9578624f",
"name": "Test Name"
},
"currency": "DKK",
"debtor": {
"account": {
"currency": "DKK",
"type": "IBAN",
"value": "DK6120301544118028"
},
"message": "Pay 4f77622b"
},
"external_id": "d06c60f2-09c5-4c5a-ae1c-059881ff13d0",
"merchant": "shop",
"recurring": {
"count": 3,
"recurrence_type": "BIWEEKLY"
},
"requested_execution_date": "2025-03-27"
}
}
'
And the response looks like this:
{
"group_header": {
"creation_date_time": "2025-03-27T15: 36: 21.676519948Z",
"http_code": 201,
"message_identification": "502891e42647f68616ad7f341c292d86"
},
"response": {
"_links": [
{
"href": "<nordeasigninghost>?client_id=dummy_client_id_dk&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fapi.nordeaopenbanking.com&response_type=code&code_challenge=-1gqLloZ9b5Z589GALwJMTtfvTieLackWLxQdfZA1Nk&scope=openid+ndf+agreement&state=bccdaad8-b265-4654-961d-86006018783a&nonce=5hIt8EQZa5yBWJ6NTCfu5BSp9ozjJbrZNQdgAlLc&signing_token=DummySignedToken&ui_locales=en&userId=<userId>&password=<password>",
"rel": "redirect"
},
{
"href": "/v2/single-sca-payments/db6178bf-0f77-480f-958e-d7a3345f008f/status",
"rel": "status"
},
{
"href": "/v2/single-sca-payments/db6178bf-0f77-480f-958e-d7a3345f008f",
"rel": "details"
}
]
}
}
PIS API for Single SCA examples Sweden
Sweden: initiate a new payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer
This endpoint supports POST method only.
And here is example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payment": {
"amount": 12.24,
"currency": "SEK",
"urgency": "standard",
"requested_execution_date": "2022-09-07",
"creditor": {
"account": {
"value": "3300308",
"type": "BGNR"
},
"name": "Beneficiary name",
"message": "1831653108"
},
"debtor": {
"account": {
"currency": "SEK",
"value": "SE1730000000031412034086",
"type": "IBAN"
}
},
"external_id": "bbb441ff-d10d-44c5-a12a-1074a36edbc0",
"merchant": "Shoe shop"
},
"authentication": {
"state": "bbb441ff-d10d-44c5-a12a-1074a36edbc0",
"redirect_uri": "https://www.example.com",
"authentication_method": "QR_RDR"
}
}
'
And the response looks like this:
{
"group_header": {
"message_identification": "RKnzRFnCV7saDwgY",
"creation_date_time": "2022-08-15T08:56:58.513519Z",
"http_code": 201
},
"response": {
"_links": [
{
"rel": "redirect",
"href": "<nordeasigninghost>?client_id=dummy_client_id_se&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fsandbox-personal-obh.esp.rs.dev01.qaoneadr.local%2Fv4%2Fpayments%2Fsign%2Fcallback&response_type=code&code_challenge=y-WAp09TDqVpT_Jt-ScxYEWANNLPqMDv5lqZnhDh82E&scope=openid+ndf+agreement&state=cab8a12a-e71d-4cd8-99a4-531a69584820&nonce=lHPSuvf8ybET3mbeqR2L2S5XIhG5qTl8uOvsNUcG&login_hint=qr_rdr&signing_token=DummySignedToken"
},
{
"rel": "status",
"href": "/v2/single-sca-payments/bbb441ff-d10d-44c5-a12a-1074a36edbc0/status"
}
]
}
}
Sweden: get payment status
This example shows how to query payment status.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status
This endpoint supports GET HTTP Method only. Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "1IZVN0Nbx1mV4qgJ",
"creation_date_time": "2022-08-15T08:58:11.219529Z",
"http_code": 200
},
"response": {
"payment_id": "bbb441ff-d10d-44c5-a12a-1074a36edbc0",
"status": "PendingUserApproval"
}
}
Sweden: get payment details
This example shows how to query payment details.
Note: This call requires a bearer token.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}
This endpoint supports GET HTTP Method only. Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "96e2a4e13989dc62f0029f4fba5ad9f8",
"creation_date_time": "2024-09-23T14:33:10.17122623Z",
"http_code": 200
},
"response": {
"payment_id": "69bf731d-41af-47e0-b69b-dab4835b60c3",
"amount": "4",
"currency": "SEK",
"debtor": {
"account": {
"type": "BBAN_SE",
"value": "41351300039",
"currency": "SEK"
},
"message": "debtor msg"
},
"creditor": {
"account": {
"type": "BBAN_SE",
"value": "43951000887",
"currency": "SEK"
},
"name": "Test Name",
"message": "cdtr msg"
},
"status": "Paid",
"requested_execution_date": "2024-09-23",
"planned_execution_date": "2024-09-23"
}
}
Sweden: delete multiple payments
This example shows how to bulk delete payments. It is identical to the 2SCA multiple delete service, however, the bearer token is not the same.
Note: Not all payments are deletable (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments":[
{payment_id":"11d55648-8c1d-45e2-951a-69c5aeaed88y"},
{payment_id":"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba88y"}
]
}
And this is how the response looks like:
{
"group_header":
{
"message_identification": "a42c1707dd444505",
"creation_date_time": "2023-03-11T10:11:12.134Z",
"http_code": 200
},
"response": [
"11d55648-8c1d-45e2-951a-69c5aeaed88y",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba88y"
],
"errors": []
}
PIS API for Single SCA examples Norway
Norway: initiate a new payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer
This endpoint supports POST method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/payments/authorization/domestic-credit-transfer' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"authentication": {
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "test"
},
"payment": {
"amount": "1.00",
"creditor": {
"account": {
"currency": "NOK",
"type": "IBAN",
"value": "NO5460391627641"
},
"message": "Pay 84bc41d0",
"name": "Test Name"
},
"currency": "NOK",
"debtor": {
"account": {
"currency": "NOK",
"type": "IBAN",
"value": "NO2860010503178"
},
"message": "Pay a3fcec98"
},
"external_id": "8c37ee8f-76cb-4792-9412-9b803b2cbc71",
"merchant": "shop",
"requested_execution_date": "2025-03-27"
}
}
'
And the response looks like this:
{
"group_header": {
"message_identification": "c7751cf38378244f31c5c29274f2689a",
"creation_date_time": "2025-03-27T15:59:39.280487499Z",
"http_code": 201
},
"response": {
"_links": [
{
"rel": "redirect",
"href": "https://<nordeasigninghost>?client_id=dummy_client_id_no&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fapi.nordeaopenbanking.com&response_type=code&code_challenge=poEUhvZtIIfaNpX6AcO1NhwgBNHHXh2hwPUgeWniVmQ&scope=openid+ndf+agreement&state=8d541c89-0b8b-421f-999f-6a716e876fcc&nonce=roeHdKrcbQ5VynmAJbFq3ocsQt2QIip3aQTGIPqt&signing_token=DummySignedToken&ui_locales=en&userId=<userId>&password=<password>"
},
{
"rel": "status",
"href": "/v2/single-sca-payments/b084d0ac-a708-43a1-bdc9-c90939a150be/status"
},
{
"rel": "details",
"href": "/v2/single-sca-payments/b084d0ac-a708-43a1-bdc9-c90939a150be"
}
]
}
}
Norway: get payment status
This example shows how to query payment status.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status
This endpoint supports GET HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status' -i -X GET \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks:
{
"group_header": {
"message_identification": "9Qle4LKw8BuUc9Ms",
"creation_date_time": "2022-08-15T08:55:33.967829Z",
"http_code": 200
},
"response": {
"payment_id": "6d43f031-41f8-46fa-8b84-bdd09d40b8e5",
"status": "PendingUserApproval"
}
}
Note that before the signing url has been called, the payment does not exists yet, it means the payment signing process has to be started by you and your customer.
Norway: get payment details
This example shows how to query payment details.
Note: This call requires a bearer token. This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}
This endpoint supports GET HTTP Method only. Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header": {
"message_identification": "127a1ad2b1f03e05ec9def3e11f86af6",
"creation_date_time": "2024-09-23T14:35:51.583816168Z",
"http_code": 200
},
"response": {
"payment_id": "680769ba-cd4a-46a6-b452-ac01a1cc1406",
"amount": "1.99",
"currency": "NOK",
"debtor": {
"account": {
"type": "BBAN_NO",
"value": "60010503178",
"currency": "NOK"
},
"message": "Debtor message"
},
"creditor": {
"account": {
"type": "BBAN_NO",
"value": "60391598838"
},
"message": "Creditor Message"
},
"status": "Paid",
"requested_execution_date": "2024-09-23",
"planned_execution_date": "2024-09-23"
}
}
Norway: delete multiple payments
This example shows how to bulk delete payments. It is identical to the 2SCA multiple delete service, however, the bearer token is not the same.
Note: Not all payments are deletable (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments":[
{payment_id":"11d55648-8c1d-45e2-951a-69c5aeaed866"},
{payment_id":"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba866"}
]
}
And this is how the response looks like:
{
"group_header":
{
"message_identification": "a42c1707dd444505",
"creation_date_time": "2023-03-11T10:11:12.134Z",
"http_code": 200
},
"response": [
"11d55648-8c1d-45e2-951a-69c5aeaed866",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba866"
],
"errors": []
}
PIS API for Single SCA examples Finland
Finland: initiate a new payment
In this example, we initiate a new payment.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/payments/authorization/sepa-credit-transfer
This endpoint supports POST method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/payments/authorization/sepa-credit-transfer' -i -X POST \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payment": {
"amount": "10.00",
"creditor": {
"account": {
"currency": "EUR",
"type": "IBAN",
"value": "FI1450000120236228"
},
"message": "Beneficiary message",
"name": "Test Name"
},
"currency": "EUR",
"debtor": {
"account": {
"currency": "EUR",
"type": "IBAN",
"value": "FI7473834510057469"
}
},
"external_id": "df2f7381-7d43-4996-a491-3aecf89076905",
"merchant": "shop",
"urgency": "standard"
}
}'
"external_id": "tpp_supplied_string",
"requested_execution_date": "2023-03-11"
}'
And the response looks like this:
{
"group_header": {
"message_identification": "dd6db7847fbca9e069393f5fcd357e6f",
"creation_date_time": "2024-09-23T14:39:48.154532274Z",
"http_code": 201
},
"response": {
"_links": [
{
"rel": "redirect",
"href": "https://api.nordeaopenbanking.com/personal/nasa-mock/ssca/sign? client_id=dummy_client_id_fi&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fapi.nordeaopenbanking.com&response_type=code&code_challenge=k7gR4GE6cZ7eJ1oL-hKWeegl2wLjNHMAjFEJZteSW64&scope=openid+ndf+agreement&state=163e6e58-63aa-4fcd-915d-61613bb0827a&nonce=JvVTYnutqr58ccEIY3qCB142hyHoqzcuI6z5XBzF&login_hint=mta&signing_token=DummySignedToken&userId=user&password=sandbox"
},
{
"rel": "status",
"href": "/v2/single-sca-payments/501f7c38-a410-4cf6-9d68-168bf0b6f4dd/status"
},
{
"rel": "details",
"href": "/v2/single-sca-payments/501f7c38-a410-4cf6-9d68-168bf0b6f4dd"
}
]
}
}
In this example, we initiate a new payment as Sepa Instant. Only request shown below.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/payments/authorization/sepa-credit-transfer
This endpoint supports POST method only.
Here is an example request:
$ curl --request POST \
--url https://api.dev.nordeaopenbanking.com/personal/v2/payments/authorization/sepa-credit-transfer \
--header 'content-type: application/json' \
--header 'digest: <generated_digest>' \
--header 'signature: <generated_signature>' \
--header 'x-ibm-client-id: <your_client_id>' \
--header 'x-ibm-client-secret: <your_client_secret> \
--header 'x-nordea-originating-date: {{X-Nordea-Originating-Date}}' \
--header 'x-nordea-originating-host: {{X-Nordea-Originating-Host}}' \
--data '{
"authentication": {
"authentication_method": "MTA",
"language": "en",
"redirect_uri": "https://www.example.com",
"state": "test"
},
"payment": {
"amount": "7.15",
"creditor": {
"account": {
"currency": "EUR",
"type": "IBAN",
"value": "FI7814703500008811"
},
"message": "AutoPay30",
"name": "Test Name"
},
"currency": "EUR",
"debtor": {
"account": {
"currency": "EUR",
"type": "IBAN",
"value": "FI7473834510057469"
}
},
"external_id": "449de0de-0010-2137-abcd-e364ebefc6e9",
"merchant": "shop",
"requested_execution_date": "2025-06-03",
"urgency": "express"
}
}'
Finland: get payment status
This example shows how to query payment status.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status
This endpoint supports GET HTTP Method only.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}/status' -i -X GET \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks:
{
"group_header": {
"message_identification": "9Qle4LKw8BuUc9Ms",
"creation_date_time": "2023-03-15T08:55:33.967829Z",
"http_code": 200
},
"response": {
"payment_id": "6d43f031-41f8-46fa-8b84-bdd09d40b8e5",
"status": "PendingUserApproval"
}
}
Finland: get payment details
This example shows how to query payment details.
Note: This call requires a bearer token.
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}
This endpoint supports GET HTTP Method only. Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/{paymentId}' -i \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature=\"<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
And here is how the response looks like:
{
"group_header":
{
"messageIdentification": "b395df96a2ef02573e025d3e025d3e9f2e3394",
"creation_date_time": "2024-09-23T14:40:13.005495692Z",
"http_code": 200
},
"response": {
"payment_id": "501f7c38-a410-4cf6-9d68-168bf0b6f4dd",
"external_id": "df2f7381-7d43-4996-a491-3aecf89076905",
"amount": "10",
"currency": "EUR",
"debtor": {
"account": {
"type": "IBAN",
"value": "FI7473834510057469",
"currency": "EUR"
}
},
"creditor": {
"account": {
"type": "IBAN",
"value": "FI1450000120236228",
"currency": "EUR"
},
"name": "Test Name",
"message": "Beneficiary message"
},
"status": "Paid",
"requested_execution_date": "2024-09-23",
"planned_execution_date": "2024-09-23"
}
}
Finland: delete multiple payments
This example shows how to bulk delete payments. It is identical to the 2SCA multiple delete service, however, the bearer token is not the same.
Note: Not all payments are deletable (see payment status table for further information).
This endpoint URL has the following form:
https://api.nordeaopenbanking.com/personal/v2/single-sca-payments/
This endpoint supports GET, POST and DELETE HTTP Methods. Here we use DELETE since we want to delete payments.
Here is an example request:
$ curl 'https://api.nordeaopenbanking.com/personal/v2/single-sca-payments' -i -X DELETE \
-H 'X-Nordea-Originating-Host: <host>' \
-H 'X-Nordea-Originating-Date: <now>' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <access_token>' \
-H 'digest: <generated_digest>' \
-H 'signature: keyId=\"<your_clientapp_keyid>\",algorithm=\"rsa-sha256\",headers=\"(request-target) x-nordea-originating-host x-nordea-originating-date\",signature="<generated_signature>"' \
-H 'X-IBM-Client-Id: <your_client_id>' \
-H 'X-IBM-Client-Secret: <your_client_secret>'
-H 'Content-Type: application/json; charset=UTF-8' \
-d '{
"payments":[
{payment_id":"11d55648-8c1d-45e2-951a-69c5aeaed099"},
{payment_id":"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba099"}
]
}
And this is how the response looks like:
{
"group_header":
{
"message_identification": "a42c1707dd444505",
"creation_date_time": "2023-03-11T10:11:12.134Z",
"http_code": 200
},
"response": [
"11d55648-8c1d-45e2-951a-69c5aeaed099",
"5e6e2d6f-e2dd-4c71-b232-9dfbb88ba099"
],
"errors": []
}
Confirmation of Availability of Funds for Single SCA
Confirmation of Availability of Funds for Single SCA has been added to this endpoint.
Two new optional fields have been added
- request_availability_of_funds
- availability_of_funds
Confirmation of Availability of Funds for Single SCA is available for version 3.
Payment initiation
Payment Initiation of Single SCA is not possible.
Get payment details
If Single SCA get payment details endpoint is available and SBX scenario is specified FundsNotAvailable and payment status is not Rejected or Executed, when the endpoint is invoked with query parameter request_availability_of_funds true, then the response of Get Payment Details is returned with funds info availability_of_funds set false.
If Single SCA get payment details endpoint is available and SBX scenario is not specified and payment status is not Rejected or Executed, when the endpoint is invoked with query parameter request_availability_of_funds true, then the response of Get Payment Details is returned with funds info availability_of_funds set true.
The example Single SCA Get payment details of Confirmation of Availability of Funds is updated in this documentation in Denmark example.