Read the latest news about Open Banking

Latest news

Breaking Change in Payments Flow for Third Party Providers

We would like to inform you that in line with the updates being made to our customer interfaces, we will be introducing the following changes to our PSD2 Payments API. These changes will be implemented across all our channels to mitigate fraud and enhance the security of our services for our customers.

Below are the details of the temporary and permanent solutions being implemented.
Given certain parameters, the end user will be asked to perform an enhanced (strong) authentication using a Swedish passport or a Swedish national ID card, on top of signing with Mobile BankID. 
Note that the PSU needs to do this step within 30 seconds.

This enhanced (strong) authentication does not work with Kortdosa or Personlig dosa.

Temporary Solution for “strong” authentication, no change required by TPPs 

  • The temporary solution is available and effective from the 20th of November and until the 20th of February 2025.
  • Decoupled Flow: The QR code will continue to be displayed in the decoupled flow.
    Removing it at this stage would result in a breaking change, so it will remain in place until the 20th of February 2025, when it will also be removed. See breaking change below.
  • Redirect Flow: When PSU gets a “strong” authentication, the QR code will be removed from the redirect flow.This change will not impact TPPs. For end users, this will mean that they will not be seeing the QR-code but instead just the text: "Mobilt BankID - denna enhet" or "Avbryt" first and then after signing with BankID, the PSU needs to follow the instructions and use a Swedish passport or a Swedish national ID card within 30 seconds.

Breaking change: Permanent Solution for “strong” authentication

  • The permanent solution is available for TPPs from the 20th of November. 
  • Breaking change needs to be implemented by TPPs before the 20th of February 2025.
  • There will be a 3-month transition period to implement these changes, as the removal of the QR code in the decoupled flow will be considered a breaking change.
  • When PSU gets a “strong” authentication, the QR code will be removed from both the decoupled  and redirect flows. This will necessitate a technical change for TPPs using the decoupled flow. 
    For end users, this will mean that they will not be seeing the QR-code but instead just the text: "Mobilt BankID - denna enhet" or "Avbryt" first and then after signing with BankID, the PSU needs to follow the instructions and use a Swedish passport or a Swedish national ID card within 30 seconds.
  • Developer documentation will be updated to reflect these changes.

We understand that these changes may require adjustments on your part, and we are committed to providing the necessary support to ensure a smooth transition. Updated developer documentation will be made available on our developer portal, and our support team is ready to assist with any questions or concerns you may have. You can find more information in our developer portal here: https://www.icabanken.se/open-banking/

Please see Functional description production and the sections below for details:

  • 1.2.1.9 Scopes
  • 2.2.2.1 Request Parameters
  • 1.3 Client initiated backchannel authentication flow (Decoupled)
  • 3 Payments API (POST /SigningBasket)
  • 4 HTTP Error Codes 
    A new error code has been added, “initial signing method did not match requested” and this happens if the PSU is getting an enhanced (strong) authentication after having used either Kortdosa or Personlig dosa instead of the required Mobile BankID. 
    In such a case, a new authentication through Mobile BankID is required.

Please see our Swagger and the sections below for details: 

  • POST /oath/v2/mtls-backchannel-authentication (acr_values)
  • Authentication Challenge

Thank you for your cooperation and understanding as we work to improve our services.

If you have any questions, please do not hesitate to contact us via Help Center

Thank you!
ICA Banken Team Open Banking

Published 2024-11-15

Client initiated backchannel authentication flow (Decoupled) available from 2024-05-30

ICA Banken would like to inform that from the 2024-05-30 PSU authentication using SCA method decoupled will be available in our PSD2 APIs.

Please note that the current redirect flow will still be available without change.

Technical information:

In order to utilize the new decoupled flow, please see CIBA technical documentation as well as section 1.3 in functional description production and section 4 in functional description - register certificate production in our developer portal under: Documents

If you have any questions, please do not hesitate to contact us via Help Center 


Thank you!
ICA Banken Team Open Banking

Published 2024-05-31

Important Update:
Changes to our Fallback Mechanism

To accommodate BankID API v. 6.0 change we would like to inform that there have been some changes to our contingency (fallback) mechanism. We would also like to remind all TPPs that the fallback mechanism should only be used if the API Channel or certain API functionality is temporarily unavailable and not as a primary means of integration.

For any inquiries or to access the new instructions, please reach out to our support team via email.
The existing solution will remain functional until August 5, 2024.

We strongly advice any TPPs currently using our ordinary customer interface to instead transition to our dedicated PSD2 APIs as the primary interface of their PSD2 services. These APIs offer a more robust and secure interface for your PSD2 services.


Thank you!
ICA Banken Team Open Banking

Published 2024-05-13

Breaking change:
Platform upgrade and new features from 2023-09-13

ICA Banken would like to inform that we will be upgrading our PSD2 Open Banking platform. This means that we will be introducing a new developer portal, new runtime API URLs and some new functionality. The new platform and developer portal will be available from 2023-09-13. Please note that due to migration work, our developer portal will be temporarily unavailable between 5:00 P.M - 23:59 P.M during 2023-09-12.

The new platform will be available from the 13th of September and the old platform will be running until 2023-12-15. Due to the platform upgrade being a breaking change it is important that you update the relevant URL´s before the old platform decommission date 2023-12-15. As such, please make sure to make the necessary technical changes before this date to avoid any impact on end users. Please see the timeline and technical details below for more information.

Complete Timeline

  • 12th of September:  Old developer portal will be unavailable 5:00 P.M - 23:59 P.M.

Please note that during this time it is not possible to login to the developer portal. For any assistance or questions during this time, please contact our Help Center.

  • 13th of September:  New Developer portal and new runtime API URLs will be available.
    Login will be available at the same place as usual on our webpage. The developer accounts in developer portal will be automatically migrated and does not require any action from you as a TPP. Your user credentials will be the same as before. Please note that the sandbox clients will not be migrated to the new platform environment. Therefore, TPPs are requested to create new credentials in our new developer portal. From this date it will also be possible to switch to the new runtime API URLs, see more information under “technical information” below.
  • 13th of September - 14th of December: Breaking change adaptation period.
    Adaption period for TPP to perform necessary technical changes. Runtime API URL switch will need to be performed by TPP in order to switch to new platform.
  • 15th of December: Decommissioning of the old platform.
    Runtime API URL changes must be completed before this date to avoid impacting end users.

Technical information regarding breaking change

- In order to switch to our new platform, you as TPP need to change to the new runtime API URLs within a 3 month-period, before 2023-12-15. See list of URLs below.

- Please note that Sandbox client ID and secret will be deleted in the old platform.
In order to get new credentials, please see the documentation “Functional Description Sandbox” section 1.1 “Test our APIs – Instructions” in the new developer portal. Note! This only pertains to the sandbox environment, as production clients will be migrated.

- We have also added a new scope for AISP to be used when requesting account transaction data older than 90 days. Please see more information under ”New functionality and minor fixes” below. Note! This scope is available in the new platform. The old platform remains unchanged.

List of URL´s to be changed:

Developer Portal
Old https://apim-icabanken.ica.se/store
New https://portal-ob.gw.ica.se/devportal/apis

IAM
Old https://mtls-ims.icagruppen.se/oauth/v2/mtls-token
New https://mtls-icabanken.ica.se/oauth/v2/mtls-token

Production GATEWAY
Accounts
Old https://mtls-apimgw-icabanken.ica.se/t/icabanken.tenant/ica/bank/psd2/accounts/1.0.0
New https://mtls-icabanken.ica.se/open-banking/accounts/v1.0

Payments
Old https://mtls-apimgw-icabanken.ica.se/t/icabanken.tenant/ica/bank/services/psd2/payments/1.0.0
New https://mtls-icabanken.ica.se/open-banking/payments/v1.0

Sandbox GATEWAY
Accounts
Old https://apimgw-icabanken.ica.se/t/icabanken.tenant/ica/bank/services/psd2/accounts/sandbox/1.0.0
New https://apimgw-icabanken.ica.se/open-banking/sandbox/accounts/v1.0

Payments
Old  https://apimgw-icabanken.ica.se/t/icabanken.tenant/ica/bank/services/psd2/payments/sandbox/1.0.0
New https://apimgw-icabanken.ica.se/open-banking/sandbox/payments/v1.0

New functionality and minor fixes in platform upgrade

  1. Multiple certificates for the same Organisational ID (Client ID)
    We have enabled the possibility to register multiple certificates to the same OID (Client ID). Please see the documentation “Register Certificate Production” in developer portal section 1. “Register Application Process” if you want to use this feature.
  2. New Account scope added in the new platform: Account__transactions_Extended

Account__transactions_Extended, is a new scope to use for AISPs. This scope should be used when asking for account transaction data older than 90 days. Please see the technical documentation “Functional description Production” section 1. “Authorization” in developer portal for more information.

  1. Possibility to view the certificate registered in the developer portal

Enables viewing the certificate registered in the developer portal.

  1. Minor fix:

    - Minor fix response message from TEXT to JSON:

OLD: "Title":"Resource Forbidden","Detail":"Old KYC information","Code":"RESOURCE_BLOCKED"

 NEW: { "Title":"Resource Forbidden","Detail":"Old KYC information","Code":"RESOURCE_BLOCKED" }

If you have any questions, please do not hesitate to contact us via Help Center 


Thank you!
ICA Banken Team Open Banking

Published 2023-09-08

SCA Exemption extended from 90 to 180 days from 25th of July 2023

We would like to inform that Account Information Service SCA exemption change from 90 to 180 days is planned for 25th of July 2023. Please note that new refresh tokens and consents created from 25th of July will be valid for 180 days (previously 90 days).

If you have any questions, please don’t hesitate to contact us via Help Center 

Thank you!

ICA Banken Team Open Banking

Published 2023-05-25

Personal device and Card device added as authentication methods from 17th of August

Please adapt for breaking change. We would like to inform our users that from 2022-08-17, personal device and card device will be added as valid authentication methods in our APIs.

Change we introduce and what you need to do:

Personal device and card device will be added/available as valid authentication methods in our APIs, meaning a change in how we initiate a consent from the PSU to allow the TPP to access the Open Banking APIs as well as signing of initiated payments. Please read the technical documentation for further information on how to implement this change.

Please note that both the old and new Oauth authorization flow will be running until 2022-11-16. After this date, the current flow will be closed and only the new flow with all three of our authentication methods will be running. As such, any necessary changes on TPP end will have to be done before this date.

Read more in the documentation in our developer portal (Functional description production), which can be found Here

If you have any questions, please don’t hesitate to contact us via Help Center 

Thank you for tuning in!

ICA Banken Team Open Banking

Published 2022-08-17

Paginated response functionality soon available

Please note that we have created a new endpoint for this functionality. If you want to use the new functionality, please switch to new endpoint GET /Accounts/{accountId}/transactions-paginated. The old endpoint is still available and will not be affected by this change.


More information can be found in our functional description which can be found under documentation in developer portal.

Click here to go to documentation

Release date: 5th of April.

If you have any questions, please don’t hesitate to contact us via Help Center 

Thank you for tuning in!
ICA Banken Team Open Banking/PSD2 

Published 2022-03-28

Change in URLs for Sandbox APIs

We would like to inform our users about change in URLs towards our Sandbox APIs. If you are already integrated to our Sandbox APIs, please review information in our API listing store “Overview” tab and adapt for breaking change we introduce regarding PSD2 Open APIs in Sandbox environment.

The change we are doing applies URLs towards our:

Accounts Sandbox API

Current URL is:  
https://apimgw.ica.se/t/icabanken.tenant/ica/bank/services/psd2/accounts/sandbox/1.0.0

New URL is:  
https://apimgw-icabanken.ica.se/t/icabanken.tenant/ica/bank/services/psd2/accounts/sandbox/1.0.0

Payments Sandbox API

Current URL is:
https://apimgw.ica.se/t/icabanken.tenant/ica/bank/services/psd2/payments/sandbox/1.0.0

New URL is:
https://apimgw-icabanken.ica.se/t/icabanken.tenant/ica/bank/services/psd2/payments/sandbox/1.0.0

Both current and new URLs will be running until 2021-01-31
After January 2021, current ones will be closed, and only new URLs will be running.

If you have any questions, don’t hesitate to contact us via Help Center Thank you for tuning in!

Published 2020-10-15

International payments now live in production

Our Payment Initiation APIs now also include international payments. I.e. payments in Euro (SEPA) and other currencies.

Payments initiated through the APIs follow the same rules and pricing as for when the end customer enters a payment at the internet bank at ICA Banken.

To initiate payments, third parties need to be licensed by their national FSA and have their eIDAS certificate registered with their application at ICA Banken. Read more about the APIs in the documentation published on our Developer portal.

Published 2020-05-07

Payment API now live in production

We have now connected our Payment Initiation APIs to our production systems. That means that licensed third parties can initiate payments on behalf of ICA Banken payment account holders.

The release of payment APIs complements the earlier released Account Information APIs. The release also includes changes to the authentication solution addressing earlier reported issues.

To access production data, third parties need to be licensed by their national FSA and register their eIDAS certificate with their application at ICA Banken. The existing Payment API has transformed into a production version, and we have created a new Sandbox version for those who wish to stay in test mode.

All APIs are now set in "published" mode, meaning that you can subscribe to the APIs.

Read more about the APIs in the documentation published on our Developer portal.

Published 2020-03-05

 

Back to main page för Open Banking