To learn more about RestFX, Indicative Rates & Market Orders start here, others have already started using them.

As of today version 3 of PSD2 API for Swedbank and the Savings Banks is available and brings improvements for both the end user and the developers. We have added support for Mobile BankID 5.1 with dynamic QR-code for the users in Sweden. Version 3 follows the Berlin Group Standard 1.3.5 for both the Swedish and Baltic part of the API. Version 2 of the PSD2 API will be available until September 2020. Please move all your applications to version 3 as current version is not backward compatible. Detailed breaking changes are listed at the end of this newsletter.

 

With these improvements we want to further emphasize that the PSD2 API (or the fallback contingency mechanism in Sweden) is the only channel provided for third parties to access customer data in accordance with the requirements in the PSD2 directive. To ensure compliance, additional security improvements will be introduced in our customer channels restricting access for third parties soon. So please ensure that you migrate your integrations to the PSD2 API to secure your access and future delivery of your services to our common customers.

 

In the next updates of the PSD2 API that will be launched during Q3 we will introduce:

  • [Sweden] An option to use additional scopes that allows simplification of AIS flow by decreasing number of SCAs and optimization of Authentication and Consent steps (planned for July);
  • [Sweden] Decoupled payment signing for Corporate users (even with multiple signatures);
  • [Baltics] Biometrics support;
  • [Baltics] Future dated and recurring payments.

 

We also have some additional APIs that we plan to launch that will provide more functionality beyond PSD2.

If you want to get in contact with us, get help with onboarding or have any other issues please contact our – we are here to help you!

Stay safe and have a nice summer!

 

Sincerely,
Swedbank Open Banking team

 

 

Alignment to BGS v1.3.5 standard and breaking changes:

Response body changes for alignment to BGS v1.3.5:

  • POST /consents/{consentID}/authorisations
  • PUT /consents/{consentID}/authorisations/{authorisationID}
  • POST /payments/{payment-product}/{paymentID}/authorisations
  • PUT /payments/{payment-product}/{paymentID}/authorisations/{authorisationID}
  • GET /available-authentication-methods
  • POST /consents in Decoupled approach
  • POST /authorize-decoupled
  • POST /authorisations
  • POST /consents
  • POST /payments/{payment-product} (Decoupled auth only)
Request body changes for alignment to BGS v1.3.5:
  • POST /authorize-decoupled
HTTP method changes (instead of PATCH):
  • PUT /consents/{consentID}/authorisations/{authorisationID}
  • PUT /payments/{consentID}/authorisations/{authorisationID}
XML statement support is aligned to other digital channels and made available for corporates only (Baltics).

 

Other changes:

  • New format is added for better support to Nordea personal account (Sweden) - personal account format without clearing number allowed if prefix ‘PA’ added, check swagger documentation on Developer portal for more details;
  • Improved alignment to OAuth 2.0 and BGS v1.3.5 standard by making BIC parameter not mandatory if country code-based URL is used;
  • Support of TPP-Nok-Redirect_URI for redirect approach in Baltic countries;

Parallel support of 2 valid consents: All accounts consent, detailed consent.