Prerequisite for this is to have the Postman application installed. We recommend downloading the application from the official site. We also recommend to avoid the browser plug-in version and to go for the standalone desktop application.
Disclaimer. The screenshots can look a little different from the latest Postman collections, but the functionality is the same.
1. Download the Postman collections
Download the latest collections below:
- https://developer.nordeaopenbanking.com/app/resources or
- https://github.com/NordeaOB/swaggers/archive/master.zip
Below is an example how to set up the Swedish collection. After setting up one collection, you can just import the other one and start using the old environment values which are saved.
2. Open Postman
3. Adjust settings
Go to File > Settings. Under General tab: Verify that the "SSL certificate verification" and "Automatically follow redirects" options are OFF, disabled.
4. Importing the Collection
At the top left corner of Postman, click Import
.
Go to the Postman application and choose Import File
Drag and drop the just saved Nordea JSON file or Choose Files and open it.

You have now imported the Nordea Postman example collection.
5. Setting the environment values.
Go to My Apps at our developer portal
https://developer.nordeaopenbanking.com/app/apps
Create a New App by clicking
5.1 Name your App and choose your app settings.
5.2 Client Secret
Copy the Client Secret to somewhere such as notepad application.
5.3 Client ID
Copy your Client ID from the next page just like the Client Secret earlier.
6. Configuring the environment values
You will need your Application keys in the next phase: Client ID and Client secret, which you should already have copied somewhere such as notepad.
At the top right corner of Postman, you will find the Environment box. Click the cogwheel for settings.
Click Add after which you get to the next screen.
You need to write a name for the environment. Insert the Client ID and the Client Secret like below and click Add to save the settings.
6.1 Variable names
X-IBM-Client-ID
X-IBM-Client-Secret
eidasPrivateKey is for testing the eIDAS certificate functions. You should set this up unless you are planning on skipping the validations as mentioned in this article.
- For reference: Access Authorization documentation.
eidasPrivateKey value
MIIG5AIBAAKCAYEAyQYYtwon+ZOF9hRyWPFJZbKu9C4AbX46TSmsUcLon7x7pMx9H3jk8mwIcQNFszx4Mx8m3iw83zpM4DmQpvprdP8+Le0sSB8d6k8X1gF4KTv1G9SNb7+Qf33jOToMUDy0t3LkypkoMupMmBStkVnV6mGDj6S+cIozLlBsSoKzXtnJhvANLi+zAMWMr1OkOw5PUhwPu9HyhN8YnuPvWBvXEhb08tMoYpvRCgP62IIA7qjpc8XfNIDHJC2wjLIyhgjzEl4tAOEEOSz712cKCsnxOnICioRK0ceN9SS40bWqxbWXvMGjrG08Ep35q2E0zVZ4S0yar0THhS/cY+RZnrEmoG3trp3g6g7lyRf3BqN4t0QiY+fssyi0h+eBkZQl4Hx8QZev5AsRX/A73Px9R88kVVHNxs/FQI9kWP08/+7PGxBkOfM+VxxAt4wiWTP/ZngPYRlWlAV3yIhxVtIh36Ngm2Vb1QLcDKYeuqTZasBsed5OIJA+RcjpR54VS8Uk76HFAgMBAAECggGAFq+dcmqvADdp0s+T5/2y7ssve1cFrVWldrfRPpjkb8JxobOCG18lV0Zh3X8lCok0d3B4jnInnHmT22ojrPRt1BJKDhzJ9omscpjic8BOsziU/MMMAyR3RiwKzJaEdTmkm19X+pU2OCjA5BjRTan5vi2rDzbkVwcBp6Rj1DTT0Ux6tcO5eRDg/qFMsyyZSCDhSr7n96ZF3EDhIm1OwX7C0sPMeOrjj91NxfeVA4IIYOanEe2uttohny+Y0Qf7M60mrhLJJdzAeFHFkE7NhR2nEgYInNbWhPmNtLEg8kD3xqNtgyy7knVIbE8Nn5KRnjbPoCQjn079hk4WVhXM8LfgGWGXtHQ31/9+AJgZOa0lN4UYqYcy0qn7HdNTjXH2gQruEJjDXYyTvI9ymiNkREAg1yOJfPC5xl9tETzT6MBEEEU/0FiOFP8MMZGFH5Hmi9YKNp1Om4b4XISGzJVUUCReBSHy0RjtC6OVa+kZMYb7f8O8quzBVIsKKCA8gcon4yCBAoHBAO7Vutrhk8z0pyU83tC2eQcy1v6CAAiCWdUdoWCIE44eq51KOBHqLCmT9/r2pPh0R2Vkkx/lPo1yqFkDTdzpbmIXgZDP0q6ET6Fp9wOaaUgoIhnzzNtb4dzWue2yuE2f/yCnXuT3p4rAphGBvJwyPqDHCb7q6qg0moH3bQWkrPzd5rDMA/Gv12zLzJ1zejrxTyrZvzvGZPPtSa1V2oReXC9CaMXbSK+b++HAut1XiTTjsfzmMnr2ZCfuXOUuZ6mjGQKBwQDXeLBuEPElq3Vv+K2Dn5Pm67rij6zRTE92DCha0iQtGDuBRnOF/cU6my1ZdgMi0V/etwZ4twI1Ocn7Oqis++NlvPqDkhhVCivR54iaj0KADx5hftek9b5Sgmb5HYS60xrX4EHTMCrME4IUYBYbvw62d6MzbhsB0H44tIAsisNCSb9iX6ILQFeMdQ/G3LD/5LCLRni3uXhVnR3ukbU8yU3ALcAkNVjHNiCmRLiyyTc3KPoOkfJFnhdb+BwEVVTV1Y0CgcEAqhqVtBFX6HETnuUEuVhNSQA/uhMzHNxiSPSKnKsualmT1zomRzQm8hIOW7NRehevRhrk4qGu9KWGG6fLzByB3uFpCY/LOTrJUGidYvaWJ6tV5nALJu0BJ/3TfOV+eOMMneA3KRLuRFfDr9JcWE885dv9J/o+2UBmD0z/XDaWcp9FEASuhnO8FiPs/vNhShvWS+m8V0GNY2JMyGTOdtqSA6Lj5o+w7EpHktlm/gC7m2zUtw/pQkS8vuf5R83OTTb5AoHBAJzi7WNWxp6s9vcuU/hwappKrWplPmmubHUBaSintVt4N2trRpYbLk37ystGmAXz+SAKl5WxetQSXbSlA0fgp7PeI3FFIJ5ap4lQUjBnev4PBAns90rO+2LMO/nKumflabghOwxwF9k7owz+4VoWhLnq5lN+Kf/qNN1I38KOzpknZUhVZYFXuec1HOWort/DPaBLEX6Eds+vdKnOQe4ejJQPO8WhaiCykpc9llXnGGL7XQba0VJLR6rZPl0RXJHNyQKBwE5tozFL24oPDy2qOWXbX3thNe3nHtI2wQQM0Bvj6r1uCGS4TN5qH/T9SNi/OWfzq5RWoocZckQo2uroBa7CCH7B2xvoItfV90wwFUXX79jlOSWYiCnpgOmybzGbcbTicStHxv0WVIXr3zK36PEA2gFOoKT9C21ZzW9BvQbYQviw1FR2AKKuKxhT5WvvpF25UiAdHhIYsOmQDQIj5eKbT8Q2SWo7sEkeOeFtGFj6oslahYwi5G2Bs4kv+8cobS0ScA==
You can now close the environments screen.
6.2 Associating the Environment variables with the Collection
From the top right, environment drop down menu, choose the one you just created.
You are now ready to start testing.
7. Getting Access Token and Accounts
Expand the Nordea collection. Choose Start Oauth request. Click Send.
After this you can proceed to the next endpoint by clicking Exchange Token and then Send.
Important! For Swedish Decoupled, please wait ~5 seconds between response from Start Auth and sending Polling for Auth Code to avoid an empty response.
For now, you can skip the Refresh token endpoint. The authentication part is now complete. You can move forward to the Get Accounts request. Hit Send and you will get a list of accounts available in the sandbox test data set.
8. Happy testing!
After getting the list of accounts, the rest of the functions will also work. Enjoy!
9. Further testing ideas
Finally, if you want to test how the eiDAS signing works, go ahead and disable the SKIP_SIGNATURE_VALIDATION_FOR_SANDBOX header and enable the calculated Signature as shown here:
Remember to repeat this for all endpoints and Save the endpoint headers when prompted.