Upcoming changes in Swedish payment infrastructure

Sweden is facing one of the biggest changes in the history of its payment infrastructure, regarding the updated payment type Credit Transfer. Please refer to the information in the below link.

Updated Information:

Please note that the go-live date for Handelsbanken's new PIS API version 2, which includes the updated SEK Credit Transfer, has been postponed from the 4th of May to the 18th of May. The postponement is due to not all banks having completed their connection to the SEK Credit Transfer infrastructure yet. Despite our revised go-live date, please note that Bankgirot's plan for all banks to be connected by the 14th of April remains unchanged. The sandbox remains open and supports the new functionality in PIS API v2, so you can continue to perform your tests there.

Information regarding SEK Credit transfer

Premium API Authorization

Authentication and Authorization of Premium API

Authenticate

Authorize

Call the APIs

Authenticate

The Premium API uses OAuth 2.0 to authenticate clients. To access a Premium API endpoint the client needs an Access Token, that is granted by requesting a OAuth 2.0 Client Credential Grant at the OAuth token endpoint. This page assumes that you, as a service provider is onboarded for the requested service and have access to the endpoints

As part of this process you will get a client id that will be used, in combination with a client certificate that the public part of certificate is known by, and associated with you as a service provider

Authorize - OAuth Client Credential Grant (CCG)


Endpoint 

https://premiumapi.handelsbanken.com/mlurd/oauth2/token/1.0

Headers

The request requires to HTTP headers: Accept and Content-Type

Accept should be set to application/json
Content-Type should be set to application/x-www-form-urlencoded

Parameters

grant_type client_credentials
scope is set according to the product to access. See table below. For more than one scope the scopes must be separated by white space characters.
client_id the unique identifier of your application, that you get when you are onboarded to a Premium API

Response

Responds with a JSON object with the following fields:

access_token the returned CCG token. Used in the Authorization header of requests to Premium API endpoints.
expires_in the number of seconds the access_token is valid.
token_type always have the value Bearer

Scope for products

scope Description
premium-accounts Premium Account API
premium-fx-trade-retriever Premium FX API Trade Retiever
premium-fx-indicative-rates Premium FX API Indicate Rates. This is often used in combination with Premium FX Market Order API
premium-fx-market-order Premium FX API Market Order. This is often used in combination with Premium FX Indicative Rates API

Examples

Request - request access to Premium Accounts API

curl -X POST https://premiumapi.handelsbanken.com/mlurd/oauth2/token/1.0 \ --key <Your private key file> \
--cert <Your public cert file> \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=premium-accounts&client_id=<Your client-id>'

Response

HTTP/1.1 200 OK
{
  "access_token": "QVQ6M2NkMjUzMzMtZDZkZS00OGU1LTk0MzMtMmVhOTY5ZDA5YmU4",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Request - request access to Premium FX API Services

curl -X POST https://premiumapi.handelsbanken.com/mlurd/oauth2/token/1.0 \
--key <Your private key file> \
--cert <Your public cert file> \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope= premium-fx-trade-retriever premium-fx-indicative-rates premium-fx-market-order&client_id=<Your client-id>'

Response:

HTTP/1.1 200 OK
{
  "access_token": "QVQ6M2NkMjUzMzMtZDZkZS00OGU1LTk0MzMtMmVhOTY5ZDA5YmU4",
  "expires_in": 86400,
  "token_type": "Bearer"
}

Call the APIs

The access token that is returned is used in every subsequent API call. The following headers must be set for each call

Authorization set it Bearer <access token>
X-IBM-Client-Id this header contains the unique identifier of your application, that you get when you are onboarded to a Premium API.