This document explains how to integrate with Nordigen API to connect to your users’ bank accounts and access account information from bank PSD2 APIs. Nordigen API is a set of endpoints that allows you to integrate our Account Information solution with your system. All responses will be shown in JSON format. All endpoints require the Authorization token.
Before you start, please make sure you have acquired a user secret from Nordigen's Open Banking Portal.
To jump-start your integration, head straight to the Quickstart Guide.
Account Information solution can access up to 24 months of transaction history as well as up to 90 days of continuous access to account information.
Our Account Information solution provides access to the following data:
Our Account Information solution is available in all European Economic Area countries that are subject to PSD2 regulation. In all these countries Nordigen (Nordigen Solutions Ltd.) operates as an authorized AISP. You can see the full bank coverage in each country here.
To use Account Information, you are required to sign up to Nordigen's Open Banking Portal and acquire user secrets.
User secrets are used to create acces tokens which in turn are used for client authentication and API request authorization. The access token is provided through the HTTP authorization header.
Banks may impose rate limits, down to 4 API calls per day for every account. Each endpoint (details, balances, transactions) has it own rate limit. If you exceed the rate limit, you will get an error.
The diagram below depicts an example of the customer journey for our clients' end users.
(2) After the end user selects an financial institution, they are taken to the second view, which contains a consent text. This view is hosted by Nordigen. When the end user has accepted consent, they are directed to the next view.
(3) The financial institution provides an interface for the end user to link their account data. This view is developed and hosted by the financial institution, therefore, neither you nor Nordigen can influence the look and feel of this view*. The financial institution view depends on each financial institution.
After successful authentication, their access token is securely stored on the Nordigen side. The access token enables Nordigen to fetch bank account data from the respective financial institution.
(4) As the final step, the end user is redirected to URL specified by you. If necessary, you can ask the end user to link another financial institution or conclude the process.
If the authentication wasn't successful where either the end user decided not to proceed, or the user did provide a wrong user name and/or password, the end user is redirected back to the initial application view, developed and hosted by you. The error message is attached as a query parameter in this case.
Once the end user has successfully concluded the process, you can access the raw data via the Nordigen API.
* Certain financial institutions do not provide their views for user authentication; they rely on Nordigen to provide means of collecting the end-user credentials. Nordigen does not store nor process the end-user credentials!
When signing up on Nordigen's Open Banking Portal you will be required to provide details on your company or about yourself in case you intend to use our service for private purposes. Some of these details will be shown to an end user to inform her on involved parties. When signing up your account you will have "Non-verified" status and end users will see an informative message (see image).
Once you are ready to go into production and wish us to remove that informative message, we will verify your details. Please write to email@example.com that you intend your account to be verified to initiate this process. In most cases the information you provided when signing up will be sufficient for us to do the verification while in some we might ask for some clarification. The requests are processed within 1 business day.
NB! There are no limitations to non verified accounts other than the aforementioned message to end users.