1. Check out the documentation
To get a basic feel for the services offered by the SBAB Bank-API, it is a good idea to read through our documentation. It will give you an overview of all the endpoints available and detailed information about these. Start by reading through the section "Introduction".
The documentation describes how to integrate with SBAB using our API. Only registered clients can access the API. To obtain information on how to register for access, contact us using the contact information at the top of this documentation.
SBAB's Bank-API is divided into five sections:
Authorization - Used by both end users and system users to retrieve an access token.
AIS - Account Information Service (PSD2)
PIS - Payment Initiation Service (PSD2)
Enterprise - The rest of the SBAB Bank-APIs. It has functionality to fetch loan information and apply for new mortgage loans.
Open - The services SBAB provides that require no authorization
The API is based on HTTP and JSON. If the call is successful, an HTTP status code of 200 or 202 is returned. In that case the response objects listed in this documentation should be expected in the response body. However, the response objects may contain more fields than the ones listed in this documentation. Fields not documented should be ignored.
The version of the API is indicated in the path. Newer versions may deprecate this version. If that happens, registered clients will be updated with information about the new version and a time plan for when the old version will be deprecated.
2. Create a sandbox account
Once you've got a basic feel for the SBAB Bank-API, it's time to test the API. But before you get started, you must create an authorization key (aka bearer token) for the sandbox environment. This bearer token must be used in all sandbox requests. As an alternative, use a valid PSD2 client certificate; see the next section.
3. Explore the API
There are three ways to test the sandbox APIs.
The first alternative is to register in the developer portal and receive a Bearer Token by email in the format 'Bearer 12345-12345-12345-12345'. You need to click on the verification link sent to you in the onboarding mail. This will activate the token. Then send it in an HTTP header named 'Authorization'. Key: Authorization, Value: Bearer 12345-12345-12345-12345. All data is then available.
The second alternative is to use a valid test or production PSD2 certificate. As opposed to the production environment, no mutual TLS handshake will occur in the sandbox. All data based on the scope (AIS and/or PIS) in the certificate is then available.
The third alternative is to simply call the SBAB-open endpoints where no authorization is required.
Please note that the sandbox environment is exclusively based on mocked data with no or limited capability to save your results.
Optional: Apply for production access
- You have to register if you have not done so already (and confirm the e-mail address)
- Log in
- Click the apply for production button
- Fill in the contact person's details, the corporate name and the PSP authorization number* (if you are a PSD2 customer).
- Select whether you are interested in AIS, PIS or Enterprise
- Fill in any additional data you want to inform SBAB about
- Click the send contact info to SBAB button
SBAB will contact you and provide additional information on how to proceed.
*) To apply for production access and to later authenticate/authorize at SBAB, you will need to input the PSP authorization number from your PSD2 client certificate.
This certificate must be the one your production hosts will be using to authenticate/authorize at SBAB.
The PSP authorization number is stored in the Principal DN in the certificate, tagged with 'OID.220.127.116.11' and with a value like 'PSDSE-FINA-32017'.
This value will be matched against all your future API authenticate/authorize requests to enable API access.
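As an added example (not SBAB's code), here is one way to pull the PSP authorization number out of a certificate's subject DN string and check its shape before entering it in the application form. It assumes the attribute is organizationIdentifier (OID 2.5.4.97) with the PSD<country>-<authority>-<number> layout from ETSI TS 119 495, which this page does not state; the function names and the sample DN are constructed.

```python
import re

# Assumption (not from this page): ETSI TS 119 495 puts the PSD2 authorization
# number in organizationIdentifier, OID 2.5.4.97, as PSD<CC>-<NCA>-<number>.
ORG_ID_OID = "2.5.4.97"
PSP_ID_RE = re.compile(r"^PSD([A-Z]{2})-([A-Z]{2,8})-(.+)$")


def split_rdns(dn):
    """Split a DN string on ',', '+' or ';' that are neither escaped nor quoted."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep an escaped pair together
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in ",+;" and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def psp_authorization_number(dn, oid=ORG_ID_OID):
    """Return (value, country, authority, number); raise ValueError if absent or malformed."""
    wanted = {oid.upper(), "OID." + oid.upper()}  # bare OID or Java-style 'OID.' prefix
    found = []
    for rdn in split_rdns(dn):
        key, sep, value = rdn.partition("=")
        if sep and key.strip().upper() in wanted:
            found.append(value.strip().strip('"'))
    if len(found) != 1:
        raise ValueError(f"expected exactly one {oid} attribute, found {len(found)}")
    m = PSP_ID_RE.match(found[0])
    if not m:
        raise ValueError(f"not a PSD2 authorization number: {found[0]!r}")
    return (found[0],) + m.groups()


# Constructed sample DN; only the value format follows the example on this page.
SAMPLE_DN = 'CN=tpp.example.test, O="Example TPP, AB", OID.2.5.4.97=PSDSE-FINA-32017, C=SE'
if __name__ == "__main__":
    print(psp_authorization_number(SAMPLE_DN))
```

Rejecting a DN with zero or several matching attributes, or with a value in another scheme, catches the case where the wrong certificate is about to be registered.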