Q:
The end user tried to connect to Nordea Corporate Account but he was not able to perform the login due to not being the Administrator of the Nordea Corporate agreement. On the Authorization flow the last call:
GET /corporate/v2/authorize/{access_id}
ends up with FAILED status:
"group_header": {
    "message_identification": "123e4ae11e68163d",
    "creation_date_time": "2023-04-21T09:50:51.318750646Z",
    "http_code": 200
},
"response": {
    "status": "FAILED",
    "_links": [
        {
            "rel": "self",
            "href": "/v2/authorize/d123b03f-a53c-1234-123c-d5f20123a4ed"
Is it possible to receive a more detailed error message in such situations?
A:
We do not expose any details for failed logins as they can potentially be misused. It's true that the user cannot log in when he is not a Nordea Corporate Netbank (CN) Administrator or directly assigned login rights in CN. Essentially there are 3 account profiles in CN: users, administrators and a combination of both. This is configurable in the CN by a CN Administrator for a given corporation. Please seek further advice through the CN and your CN Administrator to determine how exactly this can be achieved. If no CN Administrator is present, please contact Nordea Bank Advisor. You may also refer to this page:
Nordea Cash Management Contacts
Note: When one of our mutual customers is trying to get data for the corporate segment, he needs to have a CN Administrator profile to grant access to the data available in CN. If someone has CN administration rights with the confirmation rule "Two Together" - that means that when he wants to grant access to data he needs another CN Administrator to co-confirm with him. So if they want to get access to their data, the authorization needs to be done by two active CN Administrators.
It is not a TPP requirement to assure that a CN user gets Administrator rights in CN. If the customer wants a specific user to be able to grant access to their data on behalf of them, they need to reach their contact person in Nordea and agree that the user should have Corporate Netbank Administrator rights. This registration is something that needs to be done by Nordea.
Q:
Can you give me a list of occurrences when the FAILED status is returned? We'd like to map this status to a message that will be displayed to the PSU and we would like to cover as many cases as possible.
A:
There are a lot of cases when the endpoint:
GET /corporate/v2/authorize/{access_id}
can return FAILED - for example, when the authorizer id was incorrect or a customer didn’t confirm login in the application. We cannot share all use cases due to security reasons. Refer to our API documentation for some general information:
Q:
Do you have a specific error code that we can map in order to let the PSU know in the authorization flow that they need to be the administrator of the account to log in with Nordea Corporate Netbank? We just get FAILED status. How can we communicate to the end users that they should contact the bank?
A:
We cannot expose too many details of the underlying reason for a failed authentication. We only provide error codes in our API documentation:
Also refer to our API documentation where the status FAILED is explained for a Corporate Authorization endpoint:
Decoupled corporate access authorization flow (Nordea ID)
Polling for authorization code (Corporate Access Authorization API)
Q:
When authorizer 1 has signed, is there a time limit for how long authorizer 2 can wait until he needs to sign? For example: if authorizer 1 signs today, can authorizer 2 sign tomorrow or will this fail?
A:
A time limit for both authorizers is set to 3 minutes. Please refer to:
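
Added example, not part of Nordea's answers or API documentation: a TPP-side handler for one polling response from GET /corporate/v2/authorize/{access_id}. It maps the opaque FAILED status to a single PSU message that covers the causes named in the answers above, and applies the 3-minute limit. The function name, return shape and message texts are assumptions of this example, and the sample response is constructed from the fragment in the first question.

```python
import json
from datetime import datetime, timedelta, timezone

AUTH_WINDOW = timedelta(minutes=3)  # time limit stated on this page

# One message for every FAILED: the API gives no reason, so the client must not guess one.
FAILED_MSG = ("Nordea did not approve this login. Confirm the request in your Nordea app, "
              "check your authorizer ID, and check that you have Corporate Netbank (CN) "
              "Administrator or login rights. Otherwise contact your CN Administrator or Nordea.")
EXPIRED_MSG = "The authorization was not completed within 3 minutes. Please start again."

# Constructed sample: the fragment quoted in the first question, closed so it parses.
SAMPLE_FAILED = """{
  "group_header": {"message_identification": "123e4ae11e68163d",
                   "creation_date_time": "2023-04-21T09:50:51.318750646Z",
                   "http_code": 200},
  "response": {"status": "FAILED",
               "_links": [{"rel": "self",
                           "href": "/v2/authorize/d123b03f-a53c-1234-123c-d5f20123a4ed"}]}
}"""

def interpret_poll(body, started, now):
    """Classify one polling response; names and return shape are this example's own."""
    result = {"outcome": "other", "status": None, "psu_message": None, "log_ref": None}
    try:
        doc = json.loads(body)
        result["log_ref"] = doc["group_header"]["message_identification"]
        result["status"] = doc["response"]["status"]
    except (ValueError, KeyError, TypeError):
        # Unparseable or incomplete body: show the generic message, never the raw body.
        result.update(outcome="invalid", psu_message=FAILED_MSG)
        return result
    # The sample carries http_code 200 with FAILED, so only response.status decides.
    if result["status"] == "FAILED":
        result.update(outcome="failed", psu_message=FAILED_MSG)
    elif now - started > AUTH_WINDOW:
        result.update(outcome="expired", psu_message=EXPIRED_MSG)
    # Any other status is left to the caller, to be handled per the API documentation.
    return result

if __name__ == "__main__":
    t0 = datetime(2023, 4, 21, 9, 50, 0, tzinfo=timezone.utc)
    r = interpret_poll(SAMPLE_FAILED, t0, t0 + timedelta(seconds=51))
    print(r["outcome"], r["log_ref"])  # log_ref is for support logs, not for the PSU
    print(r["psu_message"])
```

Keeping `message_identification` in the TPP's own logs gives support a reference to quote to Nordea without showing anything extra to the PSU.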