Changelog

2024-05-20 Enterprise API
Removed Enterprise End-user credentials endpoint mentioned below since it is neither used nor supported any longer. Client credentials is still supported for Enterprise clients.

• GET https://api/auth/1.0/authorize— öppnas i ny flik

2024-04-12 Enterprise API
Replaced preapproval endpoints with new mortgage endpoints.

• GET https://api.sbab.se/partner/applications/mortgage/openapi.yaml— öppnas i ny flik --> GET https://api.sbab.se/partner/mortgage/openapi.yaml— öppnas i ny flik
• POST https://api.sbab.se/partner/applications/pre-approval— öppnas i ny flik --> POST https://api.sbab.se/partner/mortgage/2.0/pre-approval— öppnas i ny flik
• POST https://api.sbab.se/partner/applications/pre-approval/{id}/acceptance— öppnas i ny flik --> POST https://api.sbab.se/partner/mortgage/2.0/pre-approval/{id}/acceptance— öppnas i ny flik
• GET https://api.sbab.se/partner/applications/{id}/status— öppnas i ny flik --> GET https://api.sbab.se/partner/mortgage/2.0/pre-approval/{id}/status— öppnas i ny flik
• POST https://api.sbab.se/partner/applications/{id}/pre-approval/applicants/{applicant-id}/signature— öppnas i ny flik --> POST https://api.sbab.se/partner/signing/1.0/start— öppnas i ny flik OR
  POST https://api.sbab.se/partner/signing/1.0/start/phone— öppnas i ny flik

Refer Pre Approval migration guide section to change your implementation.

2024-04-03 Enterprise API
Added new 2.0 endpoints for enterprise partners (new addresses that use exactly the same attributes as 1.0) that are now available for use.

• POST /api/loan-application/2.0/mortgages
• PUT /api/loan-application/2.0/mortgages/sign-bankid/{loan-application-id}/participant/{participant-id} (only exists in sandbox)
• GET /api/loan-application/2.0/mortgages/status/{loan-application-id}
• DELETE /api/loan-application/2.0/mortgages/{loan-application-id}
• PUT /api/loan-application/2.0/mortgages/{loan-application-id}/supplementary-documentation/{supplement-id}

The corresponding 1.0 endpoints below are deprecated and will not work after 2024-04-30. Deprecation and Sunset headers are included in the responses to inform about the deprecation.

• POST /api/loan-application/1.0/mortgages (switch to new 2.0 API)
• PUT /api/loan-application/1.0/mortgages/sign-bankid/{loan-application-id}/applicant/{applicant-id} (only exists in sandbox, switch to new 2.0 API)
• GET /api/loan-application/1.0/mortgages/status/{loan-application-id} (switch to new 2.0 API)
• DELETE /api/loan-application/1.0/mortgages/{loan-application-id} (switch to new 2.0 API)
• PUT /api/loan-application/1.0/mortgages/{loan-application-id}/supplementary-documentation/{supplement-id} (switch to new 2.0 API)

The 1.0 signing endpoint below, using BankID v5 auto-launch, is deprecated and will not work after 2024-04-30. The new Signing 1.0 API (se previous announcement), using BankID v6 without auto-launch, is available and should be used instead.

• POST /api/loan-application/1.0/mortgages/sign/{loan-application-id}/applicant/{applicant-id}

The preapproval endpoints below, that do not require a signing, are deprecated but can still be used, for presently an undefined time. Partners are encouraged to instead use the new preapproval API defined here: https://api.sbab.se/partner/mortgage/openapi.yaml— öppnas i ny flik

• POST /api/loan-application/1.0/mortgages/preapproval
• GET /api/loan-application/1.0/mortgages/preapproval/status/{pre-approval-application-id}
• DELETE /api/loan-application/1.0/mortgages/preapproval/{pre-approval-id}

Read more in the Enterprise section.

2024-03-28 Signing API
Replaced the Signing API endpoint addresses to make it more clear that these endpoints are for SBAB partners.

• /api/signing/1.0/start --> /partner/signing/1.0/start
• /api/signing/1.0/start/phone --> /partner/signing/1.0/start/phone
• /api/signing/1.0/collect --> /partner/signing/1.0/collect
• /api/signing/1.0/cancel --> /partner/signing/1.0/cancel

Read more in the Enterprise Signing section.

2024-03-21 Signing API
Added the following endpoints for the Signing API

• POST /api/signing/1.0/start
• POST /api/signing/1.0/start/phone
• POST /api/signing/1.0/collect
• POST /api/signing/1.0/cancel

2024-01-29 AUTH, PSD2 with secure start bankID v6.0
Secure start PSD2 authenticate, authorize, status and cancel are executed using the following endpoints:

• POST /psd2/auth/3.0/authenticate
• POST /psd2/auth/3.0/authorize
• POST /psd2/auth/3.0/status
• POST /psd2/auth/3.0/cancel

The following endpoints have been deprecated and will not work after 2024-04-30:

• GET /psd2/auth/1.0/authenticate
• GET /psd2/auth/2.0/authorize

The present endpoint for issuing an access token remains unchanged:

• POST /psd2/auth/1.0/token

Read more in the PSD2 Authentication section.

2024-01-22 Payment Initiation Service (PIS via secure start bankID v6)
Initiating both transfers and recurring transfers can be done via the following endpoints:

• POST /psd2/savings/3.0/accounts/{account-number}/transfers
• POST /psd2/savings/3.0/accounts/{account-number}/recurring-transfers

Initiating the signing of a transfer or a recurring transfer has been added to fulfill the PSD2 requirements for Secure Start BankID v6. The following endpoints are used for this:

• POST /psd2/savings/3.0/transfers/signing/start
• POST /psd2/savings/3.0/transfers/signing/collect

For getting the status of the transfer or the recurring transfer, new endpoints have been added:

• GET /psd2/savings/3.0/accounts/{account-number}/transfers/{reference-id}/status
• GET /psd2/savings/3.0/accounts/{account-number}/recurring-transfers/{reference-id}/status

For getting all recurring transfers, a new endpoints has been added:

• GET /psd2/savings/3.0/accounts/recurring-transfers

For deleting a pending transfer or recurring transfer, new endpoints have been added:

• DELETE /psd2/savings/3.0/accounts/{account-number}/transfers/{transfer-id}
• DELETE /psd2/savings/3.0/accounts/{account-number}/recurring-transfers/{recurring-transfer-id}

A new endpoint used to simulate signing of transfers is added (only used in sandbox but not in production)

• PUT /psd2/savings/3.0/transfers/sign-bankid/{signing-id}

The following corresponding 2.0 endpoints have been deprecated and will not work after 2024-04-30. Deprecation and Sunset headers are included in the responses to inform about the deprecation.

• POST /psd2/savings/2.0/accounts/{account-number}/transfers
• POST /psd2/savings/2.0/accounts/{account-number}/recurring-transfers
• GET /psd2/savings/2.0/accounts/{account-number}/transfers/status/{reference-id}
• GET /psd2/savings/2.0/accounts/recurring-transfers/status/{reference-id}
• GET /psd2/savings/2.0/accounts/recurring-transfers
• DELETE /psd2/savings/2.0/accounts/{account-number}/transfers/{transfer-id}
• DELETE /psd2/savings/2.0/accounts/{account-number}/recurring-transfers/{recurring-transfer-id}
• PUT /psd2/savings/2.0/accounts/transfers/sign/{reference-id} (only in sandbox)
• PUT /psd2/savings/2.0/accounts/recurring-transfers/sign/{reference-id} (only in sandbox)

Read more in the Payment Initiation Service section.

2023-08-10 Enterprise

Added new endpoint /api/interest-rates/2.0/effective-interest-rate for calculation of effective interest rate for a loan. Read more in the interest rates section.

2023-07-03 PIS, PSD2

Initiating signing of both transfers (/psd2/savings/2.0/accounts/{account-number}/transfers) and recurring transfers (/psd2/savings/2.0/accounts/{account-number}/recurring-transfers) will require a mandatory Header PSU-IP-Address from 2023-10-01.
Usage of PSU-IP-Address before 2023-10-01 is however strongly recommended.
The redirect flow will be deprecated and hence data in the request body part called sign_options_data is not needed and will from 2023-10-01 be deprecated. In the response only a value in autostart_token will be returned to trigger BankID.

2023-07-03 Enterprise

Initiating signing of a loan applications (/api/loan-application/1.0/mortgages/sign/{loan-application-id}/applicant/{applicant-id}) will require a mandatory Header PSU-IP-Address from 2023-08-01.
Usage of PSU-IP-Address as soon as possible is strongly recommended.
In the response only a value in autostart_token will be returned to trigger BankID.

2023-04-12 AIS, PSD2

Added new endpoint /psd2/auth/2.0/authorize for PSD2 consent. The existing endpoint /psd2/auth/1.0/authorize will be deprecated 2023-08-21.

2023-04-12 AIS, PSD2

The consent period will increase from the existing 90 days to 180 days from 2023-07-25.

2023-04-12 AIS, PSD2

Added the possibility for end users authenticated in a TPP app to do some AIS operations on accounts and transfers without any extra SCA.

2022-05-02 PIS, PSD2

Removed functionality for updating a recurring transfer.

2022-03-28 Enterprise

Added new cost of cars information as decided by Finansinspektionen that applies to both Left to Live, Pre Approval and Loan Application. Read more in the cost of cars section.

2021-02-08 Enterprise

Added Loan Application digital signing support.

2020-02-24 AUTH, PSD2

2020-09-24 AUTH, AIS, PIS, PSD2, Enterprise

Updated content in all parts.

2020-02-24 AUTH, PSD2

Remove fallback solution.

2019-07-03 AUTH, AIS, PIS

Made it possible to add a root issuer certificate used in MTLS.

2019-07-02 ENT

Added message handling on a loan-application. For more information, please read enterprise documentation.

2019-06-20 AUTH, AIS, PIS

Change of paths for psd2. For more information, please read auth documentation.

2019-06-11 AUTH

Authentication endpoints updated for both live data and sandbox. Authentication redirect flow removed and use of BankID autostart token introduced as a replacement. Scopes in authenticate requests now possible as well as using PSD2 test certificate in sandbox in order to test same flow as in our production environment. Documentation is updated accordingly and also have curl examples of the authentication flow.

2019-03-07 The SBAB Developer portal is published.

2019-02-07 The SBAB Open Banking API is published.