Nordea’s PSD2 dedicated interface and the bank’s online and mobile channels share the same backend systems. The broadband for how many requests can be processed at the
same time is equally shared between the interfaces.
To ensure fair usage of Nordea's interfaces and provide equitable availability to all TPPs utilizing the dedicated interface, Nordea has implemented limitations on the number of requests per TPP application, per API product, per second and per day. These limitations are in place to maintain service quality and prevent excessive load on the system. We don't limit calls towards Payment Service Users (PSU).
If a TPP exceeds those limits, their API calls will not be queued, thereby ensuring minimal impact on the response times of the dedicated interface. Instead, the TPP will receive an error message ({"httpCode":"429","httpMessage":"Too Many Requests","moreInformation":"Assembly Rate Limit exceeded"}) indicating that the limit has been exceeded, and they will need to retry the API calls accordingly.
The current burst limitations for Nordea Open Banking APIs are as follows (authorization API calls are included in API products limits):
- Personal AIS APIs: 20 calls per second, per application
- Personal PIS APIs: 100 calls per second, per application
- Business (SME) AIS APIs: 10 calls per second, per application
- Business (SME) PIS APIs: 10 calls per second, per application
- Corporate AIS APIs: 10 calls per second, per application
- Corporate PIS APIs: 10 calls per second, per application
- Instant Reporting API: 100 calls per second, per application
- Corporate Payout API: 100 calls per second, per application
You can check your current rate/burst limits for the products you're subscribed to by logging to our Production Portal:
https://openapi.portal.nordea.com/user/login
and navigating to Apps -> Subscriptions.
Note: terms "rate limit" and "burst limit" refer to the maximum number of API calls that can be made within a specified timeframe. We are currently reviewing the whole rate and burst limit setup across all our products, so that area will see changes in the future. We've recently increased those limits for PSD2 APIs and we are not planning amendments for individual TPPs to avoid any favouring of TPPs.
Please subscribe to our newsletter: https://developer.nordeaopenbanking.com/ to receive updates about new features and products.
FAQ for Corporate PSD2 and Premium APIs:
- When is the X-RateLimit-Remaining value reset?
-
For X-BurstLimit-Limit, what is considered a burst? How many requests in how long a timespan constitute a burst?
- For Corporate Payout API - the burst is 100 requests per second
- For Instant Reporting API - the burst limit will be changed in the near future, it is advisable to assume that the maximum value will not be higher than 20 requests per second. Also better service level will be reached if API calls are not timed within a very short interval.
- What is the API behaviour if X-BurstLimit-Remaining drops down to 0?