Q:
(Sandbox) We try to execute the authentication in Postman by calling:
endpoint and receive the following error ("code": "error.validation", "description": "Expected type or array but got String"):
Body:
{
"account_list": [
"ALL"
],
"authentication_method": "QR_RDR",
"country": "DK",
"duration": 3600,
"language": "en",
"max_tx_history": 10,
"redirect_uri": "https://developer.nordeaopenbanking.com",
"scope": [
"ACCOUNTS_BASIC",
"ACCOUNTS_BALANCES",
"ACCOUNTS_DETAILS",
"ACCOUNTS_TRANSACTIONS",
"PAYMENTS_MULTIPLE"
],
"skip_account_selection": true,
"state": "{redacted}"
}
API Response:
{
"group_header": {
"message_identification": "6d5325671dd409d8c18d8843749e57ea",
"creation_date_time": "2024-12-10T07:59:55.658045974Z",
"http_code": 400
},
"error": {
"request": {
"url": "/v5/authorize"
},
"failures": [
{
"code": "error.validation",
"description": "Expected type or array but got String",
"path": "authentication_method",
"type": "TypeMismatch"
Why is that?
A:
Please check our API reference:
Business Access Authorization API
and see possible values of authentication_method parameter.
Q:
When a PSU (Payment Service User) has multiple business/company agreements with Nordea Business and initiates a supervised login, Nordea interface presents a list of available agreements. PSU is only able to select one agreement at a time, and only the accounts associated with that selected agreement are accessible. Do you support a selection of multiple agreements in a single login session?
A:
We do not allow a user to select multiple agreements during one session, however it is allowed to have multiple consents for a particular user.
Q:
(Sandbox) Can you confirm if the test eIDAS certificate downloadable from your:
API Market (Sandbox Developer Portal)
with an expiry date set to 2021 is expected to establish a valid API connection?
A:
We expose expired certificate on purpose. This certificate is meant only for testing the signing process, where validity is not considered.
Q:
How can TPP control which profile to use when a customer authenticates using a decoupled approach? For example, if a customer has multiple companies and wishes to authorise using one of them, is this achieved by providing an agreement ID? How TPP can know such an ID in advance?
A:
TPP provides the agreement based on the customer input. Please refer to:
Decoupled access authorisation flow (Denmark, Finland, Norway & Sweden) - Business