Frequently asked questions

Open Banking allows developers to build applications and services around banks based on Open APIs. ICA Banken Open Banking pages and Developer Portal invites developers and companies to innovate and build services together with us, creating the next generation of digital services for ICA Banken’s customers through the use of Open APIs

API stands for application programming interface and is a technique for sharing information between online services and applications.

Open Banking allows customers to use services built by other companies and give permission to those services to access customer’s bank data, if the customer has agreed to share it. It also gives the possibilities for ICA Banken customers to initiate payments from their payment accounts at ICA Banken through third party applications.

Services built on the ICA Banken Open Banking APIs will never get access to a customer's data without the customer specifically giving his/her consent to that application.

Customer safety is our first priority. Current ICA Banken Open Banking functionality is limited to test data, which is not real customer data. ICA Banken Open Banking functionality will be further expanded and, in parallel, new security measures will be added.

Open Banking is built on EU PSD2 regulation guidelines and puts customer rights and security in focus.

PSD2 (Payment Services Directive 2) is an EU Directive regulating payment services. Among other things, PSD2 regulates access from Account Information Service Providers (AISP) and Payment Initiation Service Provider (PISP) to payment accounts held at Account Servicing Payment Service Providers (ASPSPs).

EU has issued the PSD2 regulation that strives to make payments safer, increase consumer protection, foster innovation and competition while ensuring an equal playing field for all market players.

PSD2 stipulates that:

• The customer can grant third-party service providers access to the customers payment account information at the customers’ bank;
• The customer can grant third-party service providers permission to initiate payments from the customers ICA Banken bank accounts;
• Authentication processes related to payment account information and payment transactions must adhere to updated rules on strong customer authentication.

ICA Banken will make this possible by creating open APIs that allow 3rd parties to integrate their services with ICA Banken.

Open APIs enables Open Banking which is a broader term covering access via open APIs to banks services in general, while PSD2 concerns only access to payment accounts.

You can send a message to our open banking support and ask your question and we will try to help you out.

› Contact us here

To become an AISP (Account Information Service Provider) you need to apply and register at your local National Competent Authority (Finansinspektionen in Sweden) to obtain a license for your company. You also need a technical certificate from a QTSP (Qualified Trusted Services Provider).

To become a PISP (Payment Initiation Service Provider) you will need, in addition to the certificate, authorization from your National Competent Authority to conduct payment related activities. Please note that you must comply with any and all national rules pertaining to financial markets that are not your local market.

Check your browser settings to make sure the "allow cookies" option is enabled.

If the problem persists you can reset your password here.

Still having problems? Please contact us.

If you want to delete your developer account you need to Contact us, and we will help you with this. 

You can find our available APIs in our APIs.

Please read ICA Bankens terms of use here. 

ICA Banken is following the Berlin Group standard for our APIs. Read more about Berlin Group Standard here. 

We support these browsers today and we recommend that you use the lastest version:

• Chrome
• Safari
• Edge
• Internet Explorer
• Samsung Internet

Username need to be less than 21 characters. We recommend using only lowercase and no special characters.

The Sandbox API response is hardcoded. It doesn’t need BankID to be open for further response. It is possible to skip that step and continue to the next step. For more information please see How To in documentation tab here.

The current version of the Sandbox APIs returns the same data response for a request, independent of the parameters which are sent in the request. We are providing you with different test cases to access different test user’s data. For more information on how to do your testing in Sandbox environment please log in to developer portal, select Sandbox API you’re interested in and follow instruction provided in “Documentation” tab on API store page.

No, it is not possible to use self-made/unverified certificates to connect to the mTLS token endpoint. Only valid certificate can be used in production environment.

To be able to use the production APIs your organization needs to have a license from a Financial Supervisory Authority (FSA) within the EU and a valid eIDAs certificate of the type QWAC, issued by a Qualified Trusted Service Provider (QTSP).

We trust only Production certificate currently. You can register with production certificate and callback to localhost during development. You can later on ask ICA Banken by sending a request via contact us to change the call back.

Yes, multiple callback Uri´s are supported.  More information is available when sign in on Developer Portal under Register Certificate Tab.

Yes, you can update/renew your certificate. We have published new REST API for update/renew your PSD2 certificate. Please find more details on how to in “Register Certificate Production” tab in your developer account or in “Documentation” tab, on API store page.

You need to contact us and request to delete certificate. When you receive confirmation from ICA Banken support team than you will be able to register a new certificate by following steps below:

Step 1. Login to Developer Portal
Step 2. Upload the certificate in API store and get OID
Step 3. Make request towards mTLs-register Rest API
Step 4. Call authorization code rest API and get the code
Step 5. Get the access token.

There is no maximum limit but if you add more than 7 applications you need to zoom out your screen resolution to 90 % to be able to select application you wish to use and continue to the next step, which is to subscribe and register your certificate. Work continues to improve this functionality in our future releases.

We recommend deleting application that you no longer use.

Yes, you can delete your application when singIN on Developer Portal and then select
‘Application’ tab.

We support these browsers today:

• Chrome
• Safari
• Edge
• Internet Explorer
• Samsung internet

We always recommend that you use the latest version of the browser (s) you are using for the website to function optimally. This also applies to support programs such as Adobe Reader used to download and read PDFs.  

Other programs and operating systems 

There may be other operating systems, browsers and support programs that may also work, but is nothing we can guarantee. 

For App users, the following applies 

We require iOS 11.0 or later, compatible with iPhone, iPad and iPod Touch Android require 5.0 or later.

Yes, you can see registered details and do callbackURI update by using new REST API published on API store. Please find more details on how to in “Register Certificate Production” tab in your developer account. We have enabled functionality for you to change your callback URI when needed. It is in our development plan, to offer more features that can improve the user experience as it is important to us.