Q:
We're starting to work with Bulk Verification of Payee API (BVoP) and while calling the endpoint:
POST /premium/v1/bulk-verification-of-payee
we encounter the following error: <httpMessage>Unauthorized</httpMessage>\n <moreInformation>Invalid client id or secret.</moreInformation>
Response Body": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errorResponse>\n <httpCode>401</httpCode>\n <httpMessage>Unauthorized</httpMessage>\n <moreInformation>Invalid client id or secret.</moreInformation>\n</errorResponse>
What could be the reason?
A:
Make sure that the HTTP header in your request is X-IBM-Client-Id and you send a correct Client ID and Client Secret.
Please refer to:
- Bulk Verification of Payee
- Nordea Developer Portal (API Market Sandbox) guide
- Bulk Verification of Payee - API Reference
Q:
(Sandbox) While requesting:
Method: GET, RequestUrl: 'https://api.nordeaopenbanking.com/corporate/premium/v1/bulk-verification-of-payee?batch_identification=123456789', Version: 1.1, Content: , Headers:
{
Authorization: Bearer eyJjdHkiOiJKV1Qi***.XqYauNZjvMw_yKGgLdmywg
X-IBM-Client-Id: 3a51***a056
X-IBM-Client-Secret: ***
X-Nordea-Originating-Host: api.nordeaopenbanking.com
X-Nordea-Originating-Date: Wed, 01 Oct 2025 14:32:07 GMT
Signature: keyId="3a5175***a056",algorithm="rsa-sha256",headers="(request-target) x-nordea-originating-host x-nordea-originating-date",signature="I4mGdjhvSVK***lwhLM1wlbUuwa8lSh6DbNv5"
}
we received the following error: StatusCode: 405, ReasonPhrase: 'Method Not Allowed'.
-----------------------------Response -> 405 not Allowed------------------
Method HTTP response: 405 Method Not Allowed: Time:130 ms FinancialCommunicationsService
10/01/2025 14:32:07 BankConnections Information AutoUser StatusCode: 405, ReasonPhrase: 'Method Not Allowed', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Date: Wed, 01 Oct 2025 14:32:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Global-Transaction-ID: 7fd914***7572
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
}
Why is that?
A:
For your MsgId 123456789 (provided in <CstmrPmtStsRpt><GrpHdr><MsgId> from your POST response), you should have used the following GET request structure:
https://api.nordeaopenbanking.com/corporate/premium/v1/bulk-verification-of-payee/123456789
Q:
We encountered the following error: <code>error.authorization</code><description>Invalid or missing user or access right</description>. What could be the reason?
"response_body": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><errorResponse><groupHeader><messageIdentification>3779643e646d484e</messageIdentification><creationDateTime>2026-04-18T07:33:55.585Z</creationDateTime><httpCode>403</httpCode></groupHeader><response xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"errorPayload\"><request><url>/premium/v1/bulk-verification-of-payee</url></request><failures><code>error.authorization</code><description>Invalid or missing user or access right</description></failures></response></errorResponse>",
A:
Make sure you provided a valid logon ID in the Logon-Id header within your request. Refer to:
Bulk Verification of Payee - API Reference
Q:
We try to connect to the Bulk VoP API, but while calling the endpoint:
we get the following error: {\"httpCode\":\"401\",\"httpMessage\":\"Unauthorized\",\"moreInformation\":\"Cannot find valid subscription for the incoming API request.\"}
A:
POST /corporate/v2/authorize endpoint is not a part of Bulk VoP API. You need to request:
POST /premium/v1/bulk-verification-of-payee
and provide Logon ID and Agreement Number in the headers. See:
Bulk Verification of Payee - API Reference
Q:
While calling the endpoint:
POST /premium/v1/bulk-verification-of-payee
we encountered the error: <code>error.signature.invalid</code><description>Signature is invalid./description>
<errorResponse>
<groupHeader>
<messageIdentification>4f12c74a14cfba6c</messageIdentification>
<creationDateTime>2026-05-04T15:48:16.705Z</creationDateTime>
<httpCode>401</httpCode>
</groupHeader>
<response xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="errorPayload">
<request>
<url>/premium/v1/bulk-verification-of-payee</url>
</request>
<failures>
<code>error.signature.invalid</code>
<description>Signature is invalid.</description>
</failures>
</response>
</errorResponse>
How to resolve it?
A:
As the Signature creation is the same for all APIs, please see: