Account Information API Documentation

Introduction

This document explains how to integrate with Nordigen API to connect to your users’ bank accounts and access account information from bank PSD2 APIs. Nordigen API is a set of endpoints that allows you to integrate our Account Information solution with your system. All responses will be shown in JSON format. All endpoints require the Authorization token.

Before you start, please make sure you have acquired a token from Nordigen's Open Banking Portal.

To jump-start your integration, head straight to the Quickstart Guide.

If you’re looking for Transaction Categorisation and Insights API documentation, click here.

Available data

Account Information solution can access up to 24 months of transaction history as well as up to 90 days of continuous access to account information.

Our Account Information solution provides access to the following data:

  • Account: account holder name, a list of account holder’s accounts (account number, IBAN)
  • Transactions: date, merchant or counterparty (partner) name, description (info field), amount
  • Balances: current and available

Coverage

Our Account Information solution is available in all European Economic Area countries that are subject to PSD2 regulation. In all these countries Nordigen (Nordigen Solutions Ltd.) operates as an authorized AISP. You can see the full list of the countries here.

Authentication

To use Account Information, you are required to sign up to Nordigen's Open Banking Portal and acquire an access token.

Access tokens are used for client authentication and API request authorization. The access token is provided through the HTTP authorization header.

Rate Limits

For every authenticated end-user, you can update data 4 times per day. If you exceed the rate limit, you will receive an error.

Customer Journey

The diagram below depicts an example of the customer journey for our clients' end users.

Process Description

  • You assign a unique reference number to each of your end users, which is later used to identify the respective end user. With the unique identifier assigned, the end user then sees the first view, which is developed and hosted by you.
  • The end user is shown which ASPSPs (Account Servicing Payment Service Provider, e.g. bank) they can link with the service. The list of available ASPSPs is retrieved from the Nordigen API and depends on ASPSPs Nordigen supports within any given country.
  • After the end user selects an ASPSP, they are taken to the second view, which contains a consent text. This view is hosted by Nordigen.
  • When the end user has accepted consent, they are directed to the next view.
  • The end user is redirected to the third view, which states that Nordigen is transferring the end user to their ASPSP. This view is developed and hosted by Nordigen.
  • The ASPSP provides an interface for the end user to link their account data. This view is developed and hosted by the ASPSP, therefore, neither you nor Nordigen can influence the look and feel of this view. The ASPSP view depends on each ASPSP.
  • After successful authentication, their access token is securely stored on the Nordigen side. The access token enables Nordigen to fetch bank account data from the respective ASPSP.
  • As the final step, the end user is redirected back to the initial application view, developed and hosted by you. If necessary, you can ask the end user to link another ASPSP or conclude the process. 
  • If the authentication wasn't successful (either the end user decided not to proceed, or the user did provide a wrong user name and/or password for the ASPSPs that rely on Nordigen to collect this information* and forward it to the ASPSP), the end user is redirected back to the initial application view, developed and hosted by you. The error message is attached as a query parameter in this case.
  • Once the end user has successfully concluded the process, you can access the raw data via the Nordigen API.

* Certain ASPSPs do not provide their views for user authentication; they rely on the client - in this case, Nordigen - to provide means of collecting the end-user credentials. Nordigen does not store nor process the end-user credentials!

Data authentication

Nordigen uses regulated open APIs applying data authentication as depicted in the diagram.