Premium API Authorization

Authentication and Authorization of Premium API

Authenticate

Authorize

Call the APIs

Authenticate

The Premium API uses OAuth 2.0 to authenticate clients. To access a Premium API endpoint, the client needs an access token, which is granted by requesting an OAuth 2.0 Client Credential Grant at the OAuth token endpoint. This page assumes that you, as a service provider, are onboarded for the requested service and have access to the endpoints.

As part of this process you will get a client id, which is used in combination with a client certificate whose public part is known and associated with you as a service provider.

Authorize - OAuth Client Credential Grant (CCG)


Endpoint

https://premiumapi.handelsbanken.com/mlurd/oauth2/token/1.0

Headers

The request requires two HTTP headers: Accept and Content-Type

Accept should be set to application/json
Content-Type should be set to application/x-www-form-urlencoded

Parameters

grant_type client_credentials
scope is set according to the product to access. See table below. For more than one scope the scopes must be separated by white space characters.
client_id the unique identifier of your application, that you get when you are onboarded to a Premium API

Response

Responds with a JSON object with the following fields:

access_token the returned CCG token. Used in the Authorization header of requests to Premium API endpoints.
expires_in the number of seconds the access_token is valid.
token_type always has the value Bearer

Scope for products

scope Description
premium-accounts Premium Account API
premium-fx-trade-retriever Premium FX API Trade Retriever
premium-fx-indicative-rates Premium FX API Indicative Rates. This is often used in combination with Premium FX Market Order API
premium-fx-market-order Premium FX API Market Order. This is often used in combination with Premium FX Indicative Rates API

Examples

Request - request access to Premium Accounts API

curl -X POST https://premiumapi.handelsbanken.com/mlurd/oauth2/token/1.0 \
--key <Your private key file> \
--cert <Your public cert file> \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=premium-accounts&client_id=<Your client-id>'

Response

HTTP/1.1 200 OK
{
  "access_token": "QVQ6M2NkMjUzMzMtZDZkZS00OGU1LTk0MzMtMmVhOTY5ZDA5YmU4",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Request - request access to Premium FX API Services

curl -X POST https://premiumapi.handelsbanken.com/mlurd/oauth2/token/1.0 \
--key <Your private key file> \
--cert <Your public cert file> \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=premium-fx-trade-retriever premium-fx-indicative-rates premium-fx-market-order&client_id=<Your client-id>'

Response:

HTTP/1.1 200 OK
{
  "access_token": "QVQ6M2NkMjUzMzMtZDZkZS00OGU1LTk0MzMtMmVhOTY5ZDA5YmU4",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Call the APIs

The access token that is returned is used in every subsequent API call. The following headers must be set for each call:

Authorization set to Bearer <access token>
X-IBM-Client-Id this header contains the unique identifier of your application, that you get when you are onboarded to a Premium API.
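
The token request and the per-call headers described above, as an added Python example (not Handelsbanken's code): it form-encodes the scopes, rejects anything other than a 200 Bearer response, and renews the token shortly before expires_in elapses. The TokenCache class, the post callable (in a real client, the function that performs the POST over TLS with your client certificate and private key), the 60-second margin and the sample response are assumptions made for illustration.

```python
import json
import time
import urllib.parse

TOKEN_URL = "https://premiumapi.handelsbanken.com/mlurd/oauth2/token/1.0"

class TokenCache:
    """Holds one CCG access token and renews it shortly before it expires."""

    def __init__(self, client_id, scopes, post, clock=time.monotonic, margin=60):
        self.client_id, self.scopes = client_id, list(scopes)
        self.post, self.clock, self.margin = post, clock, margin  # hypothetical hooks
        self._token, self._good_until = None, 0.0

    def form_body(self):
        # urlencode() turns the blanks between scopes into '+', as form encoding requires.
        return urllib.parse.urlencode({
            "grant_type": "client_credentials",
            "scope": " ".join(self.scopes),
            "client_id": self.client_id,
        })

    def token(self):
        if self._token is None or self.clock() >= self._good_until:
            status, text = self.post(TOKEN_URL, {
                "Accept": "application/json",
                "Content-Type": "application/x-www-form-urlencoded",
            }, self.form_body())
            if status != 200:
                raise RuntimeError(f"token endpoint returned HTTP {status}")
            reply = json.loads(text)
            if reply.get("token_type") != "Bearer" or not reply.get("access_token"):
                raise RuntimeError("unexpected token response")  # do not log the body
            self._token = reply["access_token"]
            lifetime = max(0, int(reply["expires_in"]) - self.margin)
            self._good_until = self.clock() + lifetime
        return self._token

    def api_headers(self):
        # The two headers every Premium API call must carry.
        return {"Authorization": f"Bearer {self.token()}",
                "X-IBM-Client-Id": self.client_id}

def make_fake_post():
    """Constructed stand-in for the token endpoint so the example runs offline."""
    calls = []
    def post(url, headers, body):
        calls.append(body)
        return 200, json.dumps({"access_token": f"constructed-token-{len(calls)}",
                                "expires_in": 86400, "token_type": "Bearer"})
    return post, calls
```

Keep the private key file readable only by the service account that runs the client, and hold the access token in memory rather than writing it to logs or disk.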