1. Check out the documentation
To get a basic feel for the services offered by the SBAB Bank-API, it is a good idea to read through our documentation. It will give you an overview of all the endpoints available and detailed information about these. Start by reading through the section "Introduction".
2. Create a sandbox account
Once you've got a basic feel for the SBAB Bank-API, it's time to test the API. But before get started, you must create an authorization key (aka bearer token) for the sandbox environment. This bearer token must be used in all sandbox requests. As an alternative use a valid PSD2 client certificate, see next section.Create an account
3. Explore the API
There are three ways to test the sandbox APIs.
The first alternative is to register in the develop-portal and receive a Bearer Token by email in the format 'Bearer 12345-12345-12345-12345'. You need to click on the verification link sent to you in the onboarding mail. This will activate the token. Then use this in a HTTP HEADER named 'Authorization'. Key: Authorization, Value Bearer 12345-12345-12345-12345. All data is then available.
The second alternative is to use a valid test or production PSD2 certificate. As opposed to the production environment, no mutual TLS handshake will occur in the sandbox. All data based on the scope (AIS and/or PIS) in the certificate is then available.
The third alternative is to simply call the SBAB-open endpoints where no authorization is required.
Please note that the sandbox environment is exclusively based on mocked data with no or limited capability to save your results.Test the sandbox
Optional: Apply for production access
- You have to register if you have not done so already (and confirm the e-mail address)
- Log in
- Click the apply for production button
- Fill in the data of contact person, the corporate name and the PSP authorization number* (if you are a PSD2 customer).
- Select if you interested in AIS, PIS or Enterprise
- Fill in any additional data you want to inform SBAB about
- Click the send contact info to SBAB button
SBAB will contact you and provide additional information on how to proceed
*) To apply for production access and to later authenticate/authorize at SBAB, you will need to input the PSP authorization number from your PSD2 client certificate.
This certificate must be the one your production hosts will be using to authenticate/authorize at SBAB.
The PSP authorization number is stored in the Principal DN in the certificate, tagged with 'OID.188.8.131.52' and with a value like 'PSDSE-FINA-32017'.
This value will be matched against all your future api authenticate/authorize requests to enable api access.