Swedbank PSD2 API news
Please find below the upcoming changes and improvements in the Swedbank PSD2 API.
Sweden
- To strengthen protection against fraud, a daily amount limit for account-to-account transfers is introduced in April 2024 for private customers. This means that customers can adjust how much money they can transfer per day from their payment accounts. Account limits for account transfers apply to all of the bank's digital channels. Account limits can be managed by the customer in the Internet bank or mobile bank. For the PSD2 API, this means that the HTTP 403 error for the daily limit may be observed more frequently. This is not a new error message; it has already been provided for corporate customers.
    {
      "tppMessages": [
        {
          "category": "ERROR",
          "code": "DAILY_LIMIT",
          "text": "The payment limit per day is exceeded"
        }
      ]
    }
The error will be returned with the authorization status check in the redirect or decoupled flow, and with the PUT response in the decoupled flow. Authorisation will fail. For basket payments, the whole basket authorization will fail. If the customer wants to transfer money above the daily limit, the customer can edit the daily limit in the internet bank or mobile bank application.
- Secure start with BankID. We would like to remind you that BankID secure start becomes mandatory from the 1st of May. More information can be found on the BankID page: https://www.bankid.com/en/foretag/secure-start. To start the mobile BankID application, the TPP has to use an autostarttoken or a QR code. In the Swedbank PSD2 API, the autostarttoken will be returned if the TPP sets the header “Qr-code-required=false”, meaning that the PSU is starting Mobile BankID on the same device as the TPP application. “Qr-code-required=true” means that the PSU is starting Mobile BankID on a different device and a QR code is required. Incorrect usage of this header will be stopped from the 17th of April, to make sure the TPP setup is correct some time before the 1st of May.
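For the daily-limit error in the first item above, one way a TPP could classify the response from the authorisation status check or the decoupled PUT. This is an added example, not Swedbank's code: the function and class names, the reason labels and the customer-facing wording are assumptions, and only the HTTP 403 status and the JSON body come from the announcement.

```python
import json
from dataclasses import dataclass

# Error body as shown in the announcement above.
SAMPLE_BODY = ('{"tppMessages": [{"category": "ERROR", "code": "DAILY_LIMIT", '
               '"text": "The payment limit per day is exceeded"}]}')


@dataclass
class Outcome:
    reason: str       # "no_error", "daily_limit" or "other_error" (labels chosen for this example)
    psu_message: str  # wording is an assumption, not Swedbank's text


def _tpp_messages(body):
    """Return the tppMessages list, or [] if the body is missing or malformed."""
    try:
        parsed = json.loads(body) if body else {}
    except (TypeError, ValueError):
        return []
    messages = parsed.get("tppMessages") if isinstance(parsed, dict) else None
    return [m for m in messages if isinstance(m, dict)] if isinstance(messages, list) else []


def classify(http_status, body, is_basket=False):
    """Classify an authorisation status check or decoupled PUT response."""
    if http_status < 400:
        # No error here says nothing about whether the payment was executed.
        return Outcome("no_error", "")
    hit = http_status == 403 and any(
        m.get("category") == "ERROR" and m.get("code") == "DAILY_LIMIT"
        for m in _tpp_messages(body))
    if not hit:
        # Any other failure: do not guess at the cause from an unparsed body.
        return Outcome("other_error", "The authorisation failed.")
    # Per the announcement, a basket fails as a whole when the limit is hit.
    scope = "The whole basket" if is_basket else "The payment"
    return Outcome("daily_limit", scope + " was not authorised: the daily transfer limit "
                   "is exceeded. You can edit the limit in the internet bank or mobile bank.")


if __name__ == "__main__":
    print(classify(403, SAMPLE_BODY, is_basket=True))
```

Retrying the same authorisation after a `daily_limit` outcome will fail again until the customer raises the limit, so the outcome is best treated as terminal for that payment or basket.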
Baltics
- In some cases, for the redirect payment flow, we have noticed misinterpretation of the payment status check, and we would like to remind you of the correct implementation. In order to get an accurate payment status, the TPP should always call the payment status endpoint. The TPP should not rely on the authorisation status or the customer redirect callback as proof that the payment was executed.