Reference:
Business Access Authorization API
Q:
We want to test the authorization flow in your Sandbox environment. How can we go through Nordea UI where a user authenticates and selects bank accounts? We cannot find the URL for the wizard where we can select bank accounts and redirect to our application with the provided authorization code. What is the starting point of this flow?
A:
Nordea UI is not available in Sandbox - this step is mocked in Sandbox. The first step of the authorization flow is:
Redirect - Initiating the authorization flow
The call will return HTTP 302 redirect code, indicating a successful redirect. Check response Headers - Location for getting the authorization code.
Q:
Then requesting:
POST /authorize
will redirect us to the Nordea UI where the user authenticates and selects bank accounts only in Production environment?
A:
Yes, that's correct.
Q:
Will the user be automatically redirected from your side to Nordea UI after:
POST /authorize
request or you will return only 302 and we have to redirect the user to the returned Response.Headers.Location?
A:
This option is correct for Sandbox. Nordea UI Authentication wizard is skipped in Sandbox. After initiating the authorization flow the call should return HTTP 302 redirect code and you need to redirect the user to the returned Response.Headers.Location. This value corresponds with the redirect_uri provided in the /authorize request with the parameter auth code. For example:
Response.Headers.Location: test.com?code=<code>
Refer to:
Redirect - Initiating the authorization flow
Q:
What happens after:
POST /authorize
in Production environment? Will we get URL for Nordea UI in Response.Headers.Location where we should redirect the user? Is that a web page URL?
A:
Refer to the following Production flow:
- TPP starts the process by initiating the Redirect Authorization flow. The flow can be initiated through the following endpoint: POST /authorize
- The call will return an HTTP 302 redirect code, indicating a successful redirect ("Location" header of the response includes the Nordea UI URL)
- PSU (Payment Service User) is redirected to Nordea UI to select bank accounts he wishes to grant access to
- After this selection is done, he can continue the flow and return back to TPP application.
Refer to:
Redirect access authorization flow
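The following is an added example, not Nordea's code or part of the original answers. It shows one way a TPP backend could handle the 302 from POST /authorize in both environments, returning the code when Location is its own redirect_uri (Sandbox) and otherwise returning a URL to send the user to (Production). The callback URL, the UI host allowlist and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample values, not taken from Nordea documentation.
REDIRECT_URI = "https://tpp.example/callback"
UI_HOSTS = {"ui.bank.example"}  # assumption: hosts you expect the bank UI on


def _key(url):
    """Reduce a URL to (scheme, host, port, path) for exact comparison."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port, p.path or "/")


def handle_authorize_response(status, headers, redirect_uri=REDIRECT_URI,
                              ui_hosts=UI_HOSTS):
    """Classify the reply to POST /authorize.

    Returns ("code", value) when Location is our own redirect_uri with
    ?code=... (Sandbox, UI step mocked), or ("redirect", url) when the
    browser must be sent on to the bank UI (Production).
    """
    if status != 302:
        raise ValueError(f"expected HTTP 302, got {status}")
    # Header names are case-insensitive.
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if not location:
        raise ValueError("302 response without a Location header")

    target = urlsplit(location)
    if _key(location) == _key(redirect_uri):
        codes = parse_qs(target.query).get("code", [])
        if len(codes) != 1:
            raise ValueError("expected exactly one non-empty code parameter")
        return ("code", codes[0])

    # Any other target is followed only if it is HTTPS on an expected host,
    # so a lookalike of the callback host is rejected rather than followed.
    if target.scheme.lower() != "https" or (target.hostname or "").lower() not in ui_hosts:
        raise ValueError(f"unexpected redirect target: {location}")
    return ("redirect", location)
```

The HTTP client must be configured not to follow redirects automatically, otherwise the 302 and its Location header are never seen by this check.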
Q:
Do you provide the information about the user's selected bank accounts? If yes, where can we acquire it?
A:
TPP cannot see the information about selected accounts until a full authorisation flow is successfully completed. Then TPP can call:
GET /assets
endpoint to get a list of accounts with a given consent.