19 June 2025: mTLS Endpoints will be moving to dedicated domains
As part of our ongoing security enhancements, all mutual TLS (mTLS) endpoints will soon transition to new dedicated domains:
- https://cert-api.{bank}.dk
- https://cert-auth.{bank}.dk
These domains will exclusively serve mTLS-protected endpoints. We do not have the exact date the new domains will be ready for use, and when existing domains will close. When the new domains are ready, you can expect a notice of one month before old domains will be disabled.
✅ The Security page has already been updated with the latest details on the migration.
📘 The API resource page will also be updated to reflect this change once the date has been set.
We recommend reviewing your integrations and preparing for the transition. More updates will follow as timelines are finalized in the next month.
Updated: 19 June 2025.
05 March 2025: New mobile bank authentication method now available
Third Party Providers can now offer customers the option to sign consents or payments (initiated through PSD2 APIs) using the customer's Mobile Bank instead of MitID. This means the customer starts the Mobile Bank and confirms with faceID or fingerprint in the Mobile Bank.
The security section has been updated with the information needed to implement the mobile bank authentication method.
Updated 05 March 2025.
06 March 2025: Update to API infrastructure
What is changing?
On March 6th, 2025, at 22:00 CEST, our API services will undergo an infrastructure change where traffic will be routed through a different IP address. The existing API domain names will remain unchanged, and requests will continue to resolve as expected. However, if your setup relies on hardcoded IP addresses or restrictive firewall rules that require explicit IP whitelisting, you may experience connectivity issues.
What action is required?
• Ensure that your integrations use DNS resolution rather than static IP configurations.
• If your infrastructure currently enforces IP-based firewall rules, we strongly recommend transitioning to a DNS-based approach to ensure long-term stability and avoid future disruptions.
• Avoid relying on cached or manually configured IP addresses, as these may no longer be valid after the transition.
We recommend reviewing your setup to ensure uninterrupted access to our APIs.
Updated 27 February 2025.
17 April 2025: Breaking changes in Payment API
On 17 April 2025 we will be implementing changes to instant-domestic-credit-transfer due to TIPS. These changes will be breaking changes.
Changes in instant-domestic-credit-transfers:
• creditorName is required
• remittanceInformationStructured is no longer supported
• remittanceInformationUnstructedArray allows only 4 lines with maximum 35 characters each.
This is reflected in the API spec on the Payment product page.
Updated 16 January 2025.
06 December 2024: ACR mandatory
From 06. December 2024 all redirects to an authentication type will be mandatory to fill out. Depending on the customer type, the TPP must redirect the end user to the correct authentication type.
- “acr=psd2”, indicates that the customer is a private customer, and the customer will then be sent directly to the private authentication page.
- “acr=psd2_erhverv” means the end user will be sent to the corporate authentication page.
It will no longer be possible for the end user to choose the authentication type themselves. This is when TPP did not provide ACR type in redirect.
See full overview in section Security under "Customer Authentication Types"
25 July 2023: consent valid for 180 days
Consents authenticated by PaymentServiceUsers from Tuesday 25 July 2023 at 10:00AM CEST will be valid 180 days.
Consents authenticated by PaymentServiceUsers before this date are valid 90 days.
When a consent expires, the PaymentServiceUser will be asked to perform StrongCustomerAuthentication (SCA), to extend the validation with either 90 or 180 days (depending on when the PSU performs the SCA).
Find the Commission Delegated Regulation here
Starting Tuesday 25 July 2023 at 10:00AM CEST we will also be enforcing the restrictions for maximum 90 days of transactions back in time, when the PaymentServiceUser is not present.
May 2023: transactions details, card payments
We plan to add further transaction details for card payments.
Two additional fields will be added to transaction details:
- businessNumber (MerchantNumber)
- cardUseInfo (details on how the card is used)
The change is non-breaking and is scheduled to be deployed May 2023.
Once the implementation has been deployed, the aforementioned fields will be available through the PSD2 API's and their usage documented on the Developer Portal.
For questions or comments, please contact our PSD2 API support.
1 December 2022: app switching
Introducing further parameter: return_app_url & return_app_type
Due to requirement changes in MitID it becomes mandatory for ThirdPartyProviders to use app-switch if their app is on the same device as the MitID app.
ThirdPartyProvider developed apps must check for the existence of the MitID app, if the apps are on the same device it must send the ”return_app_url” and ”return_app_type”
Not sending these parameters in the app will have the following consequences:
IOS: Users must switch between the MITID app to the ThirdPartyProvider app themselves.
Android: The user will be returned to a default browser and must navigate back to the app after getting approval from the MitID app.
We have informed ThirdPartyProviders already using app switching directly.
Please read more about app switching on our app switching page
01 November 2022: NemID end-of-life
This news entry is nice-to-know information for supporters at ThirdPartyProviders.
From 1 November 2022 it is no longer possible for PaymentServiceUsers (PSU) to authenticate using NemID. PSU must authenticate using MitID.
All PSUs are already informed about mandatory migration to MitID.
29 June 2022: Introducing running balance on transactions
You can now see either "interimAvailable" balance or "expected" balance for each transaction.
Corporate paymentaccounts often use "collections" to group many transactions into 1 total.
For transactions part of a collection, balance will only appear for the collection-header.
psd2-api-account-1.3.yaml
In the response 200 look for "balanceAfterTransaction" and "balanceType".
The feature is also available in Sandbox.
Please contact our PSD2 API support if you have comments or questions.