Handelsbanken has launched a new version of the Sandbox

Handelsbanken has launched a new version of the Sandbox today, the 16th of April. Kindly follow the instructions in the developer portal's new Sandbox tab and change your test data accordingly to continue testing.

Testing the Accounts & Card Accounts API

Now let's get started with some testing! But first you have to sign up and create your own Apps, if not already done.

You have to go through all the steps in this guide in order to get successful results, because each step depends on the previous one.

Sandbox Gateway Host URL

When testing our APIs in our Sandbox environment, please ensure that the below base URL is used in all requests.

Important 1:
When using our APIs in the Live environment, the base URL changes to https://api.handelsbanken.com/openbanking

Important 2:
The client IDs you get when creating your apps have a format that differs from the Live environment. The Live environment creates client IDs in UUID format, while the sandbox creates client IDs in UUID format without dashes.

 

Step-by-step guide

 

Step 1: Request Client Credential Grant (CCG) token

The authorization process starts with requesting a Client Credentials Grant (CCG). The result of this call is a CCG access token, which is used to call the POST /consents endpoint of the Consents API (which is used to acquire AIS consents for the PSU).

The Client Credential Grant request is identified using the scope object (e.g. AIS). The CCG request is identical for all countries and is PSU independent.

Replace the “client_id” object with the client id you got when you created your App.

Further on in this guide you have to replace all objects in green color, with your client id, objects received from a previous step and objects that you have to choose yourself. Objects in red color are examples and cannot be used in requests.

Request example

curl -X POST https://sandbox.handelsbanken.com/openbanking/oauth2/token/1.0 \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=AIS&client_id=YOUR CLIENT ID'

See below for the type of information that needs to be in your request for Sandbox testing.

| Parameter | Description | Example |
|---|---|---|
| grant_type | Type of token request - CCG in this case. Allowed value: "client_credentials". Mandatory. | client_credentials |
| scope | A static scope with one or several values. For the Account & Card Account APIs, "AIS" must be the scope. Mandatory. | AIS |
| client_id | The client_id (app-id) you got when you created your app. Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |

Response example

This is what the response looks like when the CCG token has been successfully created. 

HTTP/1.1 200 OK
{
"access_token": "QVQ6YmNlZjI0M2QtZDBhZi00OGZiLWE0OTgtZGUwMTJhMDdjMjYz",
"expires_in": 86400,
"token_type": "Bearer"
}

Note that the access token is an example. The response you receive is unique to your request. Be aware that objects in red are examples and cannot be used by you.

| Parameter | Description | Example |
|---|---|---|
| access_token | The returned CCG token, associated with your registered application for the scope(s) you have requested. | QVQ6YmNlZjI0M2QtZDBhZi00OGZiLWE0OTgtZGUwMTJhMDdjMjYz |
| expires_in | Number of seconds the access_token is valid for. | 86400 |
| token_type | Always the value "Bearer". | Bearer |
 

Step 2: Initiate consent (using CCG token)

The consent process starts with requesting a Consent ID and the available SCA methods. These objects will later be used in Step 3. The CCG access token, received from the previous step, is pasted into the Authorization header of the request.

Note that requests to the GB and LU markets have the country defined in the URL, while requests to the other markets define the country with a header in the request.

For GB and LU the URL looks like this:
POST https://sandbox.handelsbanken.com/openbanking/psd2/gb/v1/consents
and
POST https://sandbox.handelsbanken.com/openbanking/psd2/lu/individual/v1/accounts/consents

Important: If the PSU is a Corporate customer, then the header parameters "PSU-Corporate-ID" and "PSU-Corporate-ID-Type" must be included in the request. The "PSU-Corporate-ID-Type" header is always equal to "BANK". The "PSU-Corporate-ID" is found in the test data document, except for GB. For GB you should set the "PSU-Corporate-ID" equal to "UNKNOWN".

Request example

curl -X POST https://sandbox.handelsbanken.com/openbanking/psd2/v1/consents \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer CCG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Country: SE/NL/FI' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID' \
-d '{"access":"ALL_ACCOUNTS"}'

See below for the type of information that needs to be in your request for Sandbox testing.

| Parameter | Description | Example |
|---|---|---|
| X-IBM-Client-Id | The client_id (app-id) for your test app which we said you should note down earlier. Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| Authorization | The CCG access token. Use the CCG access token received in previous step. Mandatory. | Bearer QVQ6YmNlZjI0M2QtZDBhZi00OGZiLWE0OTgtZGUwMTJhMDdjMjYz |
| Country | ISO 3166-1 country code. Mandatory. | SE, FI, NL (one country per request) |
| TPP-Request-ID | Unique identifier for the request. For Sandbox testing, you can make this up. Mandatory. | c8271b81-4229-5a1f-bf9c-758f11c1f5b1 |
| TPP-Transaction-ID | Unique identifier for the transaction. For Sandbox testing, you can make this up. Mandatory. | 6b24ce42-237f-4303-a917-cf778e5013d6 |
| access | Supported value is 'ALL_ACCOUNTS'. Mandatory. | ALL_ACCOUNTS |

Response example

This is what the response looks like when the consent initiation for Account / Card Account Information has been done. A successful response will include a consent ID as well as links to endpoints for continuing the authorization process with the signing of the consent by the end user (PSU).

HTTP/1.1 200 OK
{
 "consentId": "d3f3dd9f-9d41-85b2-4866-789a23caccc6",
 "consentStatus": "RECEIVED",
 "scaMethods": [
  {
   "_links": {
    "authorization": [{
     "href": "https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0",
     "name": "authorize_1.0",
     "type": "application/x-www-form-urlencoded"
    }]
   },
   "scaMethodType": "REDIRECT"
  },
  {
   "_links": {
    "authorization": [{
     "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0",
     "name": "decpld_mbid_2.0",
     "type": "application/json"
    }]
   },
   "scaMethodType": "DECOUPLED"
  }
 ]
}

Important: In the Live environment, the link to the authorization endpoint is different than in Sandbox.

- For Redirect:
Sandbox = "https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0"
Live = "https://secure.handelsbanken.com/mlurc/oauth2/authorize/1.0"

- For Decoupled:
Sandbox = "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0"
Live = "https://api.handelsbanken.com/mlurd/decoupled/mbid/initAuthorization/2.0"

| Parameter | Description | Example |
|---|---|---|
| consentId | The consent ID that has been created to be used later on when the PSU signs it. | d3f3dd9f-9d41-85b2-4866-789a23caccc6 |
| scaMethods.[]._links.authorization.[].href | Link to authorization endpoint for starting the PSU authorization process. | Decoupled: https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0 Redirect: https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0 |
| scaMethods.[].scaMethodType | The type of PSU authorization method. | DECOUPLED, REDIRECT |
 

Step 3: Consent Authorisation Grant

We support two different authorization flows, Redirect and Decoupled. Redirect is available for all countries, while Decoupled is only available in Sweden.

Redirect Authorization flow

Redirect Request

In this first phase of the authorization flow, Authorize Request, the PSU is signing the consent. However, the signing is not implemented in the sandbox, therefore the response comes immediately as if the PSU had signed the consent.

Request example

curl -v -X GET 'https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0?response_type=code&scope=AIS:CONSENT ID YOU GOT FROM PREVIOUS STEP&client_id=YOUR CLIENT ID&state=YOUR CHOICE&redirect_uri=CHOOSE AN ARBITRARY URI' \
-H 'Accept: application/json' \
-H 'X-Sandbox-User: CHOOSE A SANDBOX USER FROM THE TEST DATA DOCUMENT'

| Parameter | Description | Example |
|---|---|---|
| response_type | The type of response, should always be "code". Mandatory. | code |
| scope | "AIS" for Account / Card information plus consent-id. Mandatory. | AIS:d3f3dd9f-9d41-85b2-4866-789a23caccc6 |
| client_id | Your application's client-id. Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| state | An identifier chosen by you (the TPP), to be able to identify the current transaction. This will be provided in the call to your redirect URI. Mandatory. | bc4b933c-bfc2-44c8-b858-eba90f559f91 |
| redirect_uri | This is the callback URI to your own service, that will be called after the PSU finishes authorizing themselves. In the sandbox it will be called immediately since we don't have to wait for a user. Mandatory. | http://YourCallbackServer/redirect/result |
| X-Sandbox-User | The sandbox user that is going to sign the consent. In production this is handled by the actual authentication user interface. In the sandbox we cheat and use a parameter. Mandatory for individual users, as well as for corporate users in GB. | SANDBOX-INDIVIDUAL-SE-1 |

Response example

In the sandbox the response is returned with HTTP status code 302 and the Location header set to the redirect URI, with the query parameters state (from the request) and code, an authorization code to be used in the next step: Request Authorization Code Grant token.

If there is an error, a Location header will be returned with the query parameters "error" and "error_description".

http://YourCallbackServer/redirect/result?state=bc4b933c-bfc2-44c8-b858-eba90f559f91&code=617ee7d6-5c66-0423-ef83-583ac0da1f46

| Parameter | Description | Example |
|---|---|---|
| state | The identifier that you provided in the authorize request, to identify the current transaction. Mandatory. | bc4b933c-bfc2-44c8-b858-eba90f559f91 |
| code | An authorization code to be used in the next step. Mandatory. | 617ee7d6-5c66-0423-ef83-583ac0da1f46 |
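
The checks a TPP service would make around the redirect flow of Steps 2 and 3, as an added example that is not part of Handelsbanken's guide: it accepts only the authorization endpoint this page lists for the environment, generates the state value, and validates the callback URL before the code is exchanged. The function names, the random state format and the session storage mentioned in the comments are assumptions of this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Redirect authorization endpoints exactly as listed on this page.
AUTHORIZE_ENDPOINTS = {
    "sandbox": "https://sandbox.handelsbanken.com/openbanking/oauth2/authorize/1.0",
    "live": "https://secure.handelsbanken.com/mlurc/oauth2/authorize/1.0",
}

# Constructed sample: the REDIRECT part of the Step 2 response example.
SAMPLE_CONSENT = {
    "consentId": "d3f3dd9f-9d41-85b2-4866-789a23caccc6",
    "scaMethods": [{
        "_links": {"authorization": [{"href": AUTHORIZE_ENDPOINTS["sandbox"]}]},
        "scaMethodType": "REDIRECT",
    }],
}


class AuthorizationError(Exception):
    """The authorization link or the callback must not be trusted."""


def redirect_link(consent, env):
    """Return the REDIRECT href from a POST /consents response, accepting
    only the endpoint this page documents for `env`."""
    for method in consent.get("scaMethods", []):
        if method.get("scaMethodType") != "REDIRECT":
            continue
        for link in method.get("_links", {}).get("authorization", []):
            if link.get("href") == AUTHORIZE_ENDPOINTS[env]:
                return link["href"]
    raise AuthorizationError("no documented REDIRECT link for " + env)


def build_authorize_url(href, consent_id, client_id, redirect_uri):
    """Return (url, state). Store `state` in the PSU's session (assumed to
    exist in your service) so the callback can be tied back to it."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization
    query = urlencode({
        "response_type": "code",
        "scope": "AIS:" + consent_id,
        "client_id": client_id,
        "state": state,
        "redirect_uri": redirect_uri,
    })
    return href + "?" + query, state


def parse_callback(location, expected_state, redirect_uri):
    """Validate the callback URL (the 302 Location) and return the code."""
    got, want = urlsplit(location), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise AuthorizationError("callback is not the redirect_uri we sent")
    params = parse_qs(got.query, keep_blank_values=True)
    if any(len(values) != 1 for values in params.values()):
        raise AuthorizationError("repeated query parameter in callback")
    if "error" in params:
        # The page documents "error" and "error_description" on failure.
        detail = params.get("error_description", [""])[0]
        raise AuthorizationError(params["error"][0] + ": " + detail)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise AuthorizationError("state does not match this session")
    code = params.get("code", [""])[0]
    if not code:
        raise AuthorizationError("callback carries no authorization code")
    return code
```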

Request Authorization Code Grant token

The final step in the redirect authorization flow is to retrieve an access token by calling the Authorization Code Grant API.

Request example

curl -X POST https://sandbox.handelsbanken.com/openbanking/oauth2/token/1.0 \
-H 'Accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code&scope=AIS:CONSENT ID YOU GOT FROM PREVIOUS STEP&client_id=YOUR CLIENT ID&code=AUTHORIZATION CODE FROM PREVIOUS STEP&redirect_uri=CHOOSE AN ARBITRARY URI'

See below for the type of information that needs to be in your request.

| Parameter | Description | Example |
|---|---|---|
| grant_type | The type of token call. Should be "authorization_code". Mandatory. | authorization_code |
| scope | "AIS" for Account / Card information plus consent-id. Mandatory. | AIS:d3f3dd9f-9d41-85b2-4866-789a23caccc6 |
| client_id | Your application's client-id. Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| code | The authorization code from last step. Mandatory. | 617ee7d6-5c66-0423-ef83-583ac0da1f46 |
| redirect_uri | This is the callback URI to your own service. Mandatory. | http://YourCallbackServer/redirect/result |

Response example

This is what the response looks like when an access token has been successfully retrieved from the authorization server.

HTTP/1.1 200 OK
{
"access_token": "QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi",
"expires_in": 86400,
"token_type": "Bearer",
"refresh_token": "UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3"
}

| Parameter | Description | Example |
|---|---|---|
| access_token | The access token to be used in Authorization header in the coming requests against the endpoints of the accounts or card accounts APIs. | QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi |
| expires_in | Number of seconds the access_token is valid. Note that the sandbox only has static data - the access_token will never expire. | 86400 |
| token_type | Always the value "Bearer". | Bearer |
| refresh_token | A token that can be used when the access_token has expired, but the consent is still valid. | UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3 |

Decoupled Authorization flow

The Decoupled Authorization flow is only available in Sweden. It uses Mobile BankID for authentication. However, the Sandbox is not connected to Mobile BankID, so the authentication will always be successful.

Decoupled Request

Request example

Note that the "psu_id" is mandatory for individual users, but not used for corporate users.

curl -X POST https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/initAuthorization/2.0 \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{ "client_id": "YOUR CLIENT ID", "scope": "AIS:CONSENT ID RECEIVED FROM PREVIOUS STEP", "psu_client_ip": "YOUR CHOICE", "psu_id": "SANDBOX-INDIVIDUAL-SE-1", "bisa_same_device": true }'

See below for the type of information that needs to be in your request. Please make sure you replace the example values with the correct ones in your request.

| Parameter | Description | Example |
|---|---|---|
| client_id | Your application's client-id. Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| scope | "AIS" for Account / Card information plus consent-id. Mandatory. | AIS:d3f3dd9f-9d41-85b2-4866-789a23caccc6 |
| psu_client_ip | IP address of the PSU's device. Both IPv4 and IPv6 address formats are allowed. Mandatory. | 127.0.0.1 |
| psu_id | PSU Personal Id, which is the sandbox user to authenticate. Mandatory for individual users, not used for corporate users. | SANDBOX-INDIVIDUAL-SE-1 |
| bisa_same_device | Data type: boolean. Set value to true when the customer's BankID app (BISA) runs on the same device as the TPP client. An autoStartToken will be returned in the response. Set value to false when the BISA app runs on a different device than the TPP client. A complete QR code will be returned in the response. Note that the parameter is not used by the sandbox, since the sandbox is not connected to Mobile BankID. Mandatory. | true |

Response example when bisa_same_device=true

HTTP/1.1 200 OK
{
"auto_start_token": "Not a valid auto_start_token",
"sleep_time": 2000,
"_links": {
 "token": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  },
 "cancel": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/cancel/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  }
 }
}

Response when bisa_same_device=false

HTTP/1.1 200 OK
{
"qr_code": "Not a valid qr_code",
"sleep_time": 2000,
"_links": {
 "token": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  },
 "cancel": {
  "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/cancel/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
  "hints": {
   "allow": ["POST"]
   }
  }
 }
}

Description of response parameters.

| Parameter | Description | Example |
|---|---|---|
| auto_start_token | Optional, will only be returned when bisa_same_device=true. Token will be invalid since the sandbox is not connected to BankID. | Not a valid auto_start_token |
| qr_code | Optional, will only be returned when bisa_same_device=false. The QR-code will be invalid since the sandbox is not connected to BankID. | Not a valid qr_code |
| sleep_time | The minimum number of milliseconds to wait before invoking the token endpoint and between each call to that endpoint. | 2000 |
| links.token.href | Link to the token endpoint, with your unique session-id, to use in the next step. | https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89 |
| links.cancel.href | Link to the cancel endpoint, to cancel the ongoing authorization process. Note that the sandbox uses static data. It is therefore not possible to actually cancel the authorization process. It is possible to call the endpoint, but it will have no effect. | https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/cancel/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89 |

Request Decoupled Grant token

In production it is necessary to start the BankID app, or display a QR-code to the user. However, the sandbox is not connected to BankID. Therefore we need to skip that step.

The final step in the decoupled authorization process is to retrieve an access token by calling the Decoupled Grant API.

The URL for this request was received in the previous step. In production it is necessary to poll this URL repeatedly, but in the sandbox it will always send a response with the "COMPLETE" status.

Request example

curl -X POST 'https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/token/2.0?sessionId=SESSION ID RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{}'

Response example

This is what the response looks like when the authorization has been successfully completed by the end user (PSU).

Note that the status will always be COMPLETE for the sandbox.

HTTP/1.1 200 OK
{
"result" : "COMPLETE",
"access_token" : "QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi",
"token_type" : "Bearer",
"expires_in" : 86400,
"refresh_token" : "UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3"
}

| Parameter | Description | Example |
|---|---|---|
| result | Information about which "status" the token request is in: COMPLETE - the PSU has verified and the response includes token info. | COMPLETE |
| access_token | The access token to be used in Authorization header in the coming requests against the endpoints of the accounts and cards APIs. Note! This token can only be used for the particular scope+PSU consent, that was given at initiation of the authorization. | QVQ6ZjdlODAyMTgtNGIwZi1kMDBkLThkMTctYjkwZjA4MjI2Njhi |
| token_type | Always the value "Bearer". | Bearer |
| expires_in | Number of seconds the access_token is valid. Note that the sandbox only has static data - the access_token will never expire. | 86400 |
| refresh_token | A token that can be used when the access_token has expired, but the consent is still valid. | UlQ6N2I5MzllY2MtNjY2MC0yODE2LTkyZjItZGVlZWE5ZGY0NWM3 |
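
An added example (not from Handelsbanken's guide) of the production polling loop described above: it waits sleep_time before the first call and between calls, and follows _links.token.href only if it stays on the host of the initAuthorization endpoint that was called. The post callable, the timeout, the same-host policy and the treatment of every result other than COMPLETE as unfinished are assumptions of this example.

```python
import time
from urllib.parse import urlsplit

# Constructed sample: the initAuthorization response example from this page.
SAMPLE_INIT = {
    "auto_start_token": "Not a valid auto_start_token",
    "sleep_time": 2000,
    "_links": {"token": {
        "href": "https://sandbox.handelsbanken.com/openbanking/decoupled/mbid/"
                "token/2.0?sessionId=d5471d98-decd-a249-82ad-5b477df28e89",
        "hints": {"allow": ["POST"]},
    }},
}


def token_link(init_response, init_url):
    """Return _links.token.href after checking it is an https URL on the same
    host as the initAuthorization endpoint that was called and allows POST."""
    link = init_response["_links"]["token"]
    got, want = urlsplit(link["href"]), urlsplit(init_url)
    if got.scheme != "https" or got.netloc != want.netloc:
        raise ValueError("token link points outside the authorization host")
    if "POST" not in link.get("hints", {}).get("allow", []):
        raise ValueError("token link does not allow POST")
    return link["href"]


def poll_for_token(init_response, init_url, post, timeout_s=120.0,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until result == "COMPLETE".

    `post(url)` is a hypothetical caller-supplied function that sends the
    POST with body {} and returns the decoded JSON. Any result other than
    COMPLETE is treated as "not finished yet" (assumption: this page
    documents COMPLETE only)."""
    href = token_link(init_response, init_url)
    wait_s = init_response["sleep_time"] / 1000.0  # milliseconds to seconds
    deadline = clock() + timeout_s
    while True:
        sleep(wait_s)  # wait before the first call and between calls
        body = post(href)
        if body.get("result") == "COMPLETE":
            return body
        if clock() + wait_s > deadline:
            raise TimeoutError("PSU did not complete authorization in time")
```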

Step 4: Call the Account / Card Account Information APIs

The information you retrieve, from the previous step, can vary depending on the type of customer and the country in which the customer holds accounts. Whilst we always try to keep our Sandbox test data up to date, the Account and Card Account attribute documents reflect exactly what is retrievable in our Live APIs. So before integrating with our Live APIs, please check our country-specific pages for the countries you want to integrate with, particularly the Attribute documents.

Remember that for GB and LU the URLs are as follows:
GET https://sandbox.handelsbanken.com/openbanking/psd2/gb/v1/accounts
and
GET https://sandbox.handelsbanken.com/openbanking/psd2/lu/individual/v1/accounts

The request examples provided below are for the Account Information API.

To test the Card Accounts Information API, use the following endpoints instead: /card-accounts and /card-accounts/{accountId}/transactions

For FI and SE the URL is as follows:
https://sandbox.handelsbanken.com/openbanking/psd2/v1/card-accounts
and for GB the URL is as follows:
https://sandbox.handelsbanken.com/openbanking/psd2/gb/v1/card-accounts



GET /accounts example

curl -X GET https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

| Parameter | Description | Example |
|---|---|---|
| X-IBM-Client-Id | The client_id (app-id). Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| Authorization | The ACG/DG access token. Mandatory. | Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1 |
| TPP-Request-ID | Unique identifier for the request. For Sandbox testing, you can make this up. Mandatory. | c8271b81-4229-5a1f-bf9c-758f11c1f5b1 |
| TPP-Transaction-ID | Unique identifier for the transaction. For Sandbox testing, you can make this up. Mandatory. | 6b24ce42-237f-4303-a917-cf778e5013d6 |

Response

You'll receive all the available accounts for the test customer.



GET /accounts/{accountId} example

An accountId is obtained from the GET /accounts step which you just did, so make sure you add it to the URL.

curl -X GET https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts/ACCOUNT-ID \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

| Parameter | Description | Example |
|---|---|---|
| X-IBM-Client-Id | The client_id (app-id). Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| Authorization | The ACG/DG access token. Mandatory. | Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1 |
| TPP-Request-ID | Unique identifier for the request. For Sandbox testing, you can make this up. Mandatory. | c8271b81-4229-5a1f-bf9c-758f11c1f5b1 |
| TPP-Transaction-ID | Unique identifier for the transaction. For Sandbox testing, you can make this up. Mandatory. | 6b24ce42-237f-4303-a917-cf778e5013d6 |

Response

You'll receive all information available, excluding the balance, for a particular account.

 

GET /accounts/{accountId} with balance example

If you would like to get a balance with the account too, please do the request with the accountId (that you previously received) and include the withBalance query parameter.

curl -X GET 'https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts/ACCOUNT-ID?withBalance=true' \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

| Parameter | Description | Example |
|---|---|---|
| X-IBM-Client-Id | The client_id (app-id). Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| Authorization | The ACG/DG access token. Mandatory. | Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1 |
| TPP-Request-ID | Unique identifier for the request. For Sandbox testing, you can make this up. Mandatory. | c8271b81-4229-5a1f-bf9c-758f11c1f5b1 |
| TPP-Transaction-ID | Unique identifier for the transaction. For Sandbox testing, you can make this up. Mandatory. | 6b24ce42-237f-4303-a917-cf778e5013d6 |

Response

You'll receive all information available, including the balance, for a particular account.

 

GET /accounts/{accountId}/transactions example

If you would like to get transactions for the account, please do the request with the accountId (that you previously received).

You also have the possibility to add the query parameters dateTo and dateFrom with this format "YYYYMMDD"

curl -X GET https://sandbox.handelsbanken.com/openbanking/psd2/v2/accounts/ACCOUNT-ID/transactions \
-H 'X-IBM-Client-Id: YOUR CLIENT ID' \
-H 'Authorization: Bearer ACG OR DG ACCESS TOKEN RECEIVED FROM PREVIOUS STEP' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'TPP-Request-ID: YOUR REQUEST ID' \
-H 'TPP-Transaction-ID: YOUR TRANSACTION ID'

See below for the type of information that needs to be in your request.

| Parameter | Description | Example |
|---|---|---|
| X-IBM-Client-Id | The client_id (app-id). Mandatory. | f31b7318-8f21-4eaf-8817-6b5e4e02d6bc |
| Authorization | The ACG/DG access token. Mandatory. | Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI1 |
| TPP-Request-ID | Unique identifier for the request. For Sandbox testing, you can make this up. Mandatory. | c8271b81-4229-5a1f-bf9c-758f11c1f5b1 |
| TPP-Transaction-ID | Unique identifier for the transaction. For Sandbox testing, you can make this up. Mandatory. | 6b24ce42-237f-4303-a917-cf778e5013d6 |

Response

You'll receive all transactions available for a particular account.