Web Services protocol

The Web Services protocol is intended for the transmission of payment files between your company and the bank. The protocol is a connection type transmitting files, and in this respect it deviates from corporate netbank, which is interactive.

Your benefits:

  • The connection can be automated and timed. 
  • The data communications connection is always encrypted, so you do not need a separate VPN connection.

PKI certificate

The Web Services connection identifies customers with a PKI certificate (Nordea eID), which corporates can retrieve from Nordea with their own bank connection software.

The software should send a request for a certificate which consists of the customer name, user ID and country code of the customer stated in the agreement. The request is secured with an activation code received via an SMS message delivered to the mobile phone number of the administrator specified in the agreement.

If your bank connection software does not have a feature for downloading the certificate, you can download the Nordea Security Client (NSC) by choosing “Certificate Download: Download of Nordea Security Client” below. Once downloaded you can start the client and fill in the customer name, user ID, country code, and activation code received via SMS, and send the certificate request. 

You can also refer to "Nordea Security Client-User Guide" for more detailed instruction. When you receive the certificate, you have to give a password to protect it. You can export the certificate directly for the use of the bank connection software, or it can be stored locally on the windows certificate store. Please refer to the detailed instruction available in the bottom of this page.

A retrieved certificate is valid for two years. It is your company's responsibility to renew it before it expires. Some bank connection software will notify the user of the certificate's expiry in advance, enabling users to renew their certificate without an interruption to the service. 

Depending on the software, the renewal may be done fully automatically or you can download a new certificate as described above, for which you can order a new activation code from Nordea Business Centre or from Nordea's E-support for Corporate Customers, tel. 0200 67230 (local network charge/mobile call charge), provided that the administrator's mobile phone number is saved in the bank's agreement register. An activation code is valid for 7 days.

Certificate Download

  1. Download of Nordea Security ClientOpens new window
  2. Nordea Security Client - User GuideOpens new window
  3. How to export a certificate to a PSKC #12 fileOpens new window
Start using
Service descriptions
File types
SHA256 Change and Migration

How to start using the services

Your company must make an agreement on the use of the Web Services protocol with Nordea. You can start using the service by calling Nordea Business Centre. In addition, you need bank connection software that supports the Web Services protocol. In Finland the use of the protocol so far requires local agreements.

The PKI certificate is used for identifying a customer in the Web Services protocol. 

SHA256 Change and Migration

In order to provide secure services and solutions to our customers, Nordea will discontinue the support of the SHA1 certificate and digital signature because of weaknesses in the SHA1 algorithm, and replace it with SHA256.
On May 20th, the old SHA1 service will be closed and customers should use SHA256 service instead. Please find the links and the technical specification of the SHA256 service in the documents below. Please kindly note that SHA256 service works slightly differently than the old SHA1 service, and some development is needed so that your client software uses SHA256 algorithm in digital signature.
If you are using Web Services connectivity provided by vendor, please contact your vendor.

Newsletters:

Latest: Web Services SHA256 Change - NewsletterOpens new window

Documents:

1. Technical change description: Web Services SHA256 - Technical Change DescriptionOpens new window

2. Frequently Asked Questions: Web Services SHA1-SHA256 Migration FAQOpens new window

3. Quick Guide to Adapt to SHA256 service: Web Services SHA256 -Quick Guide for adapting SHA256 serviceOpens new window

Certificates:

1. Customer SHA256 DEMO certificates(RSA 2048 Bits). Customers can use these to test whether systems can handle SHA256 certificates and establish Web Services connection to existing and new services. 

Only GetUserInfo, and DownloadFileList and DownloadFile function with file type of VKEUR can be used by DEMO certificates. Please don't renew or revoke these certificates because they are shared for all customers.

With GetUserInfo, response will be ResponseCode=24, ResponseText=Content not found. This means that the connection was successful but there is no service overview to show with this test user. 

Logon ID: 15330019342. Target ID: 11111111A1

2Nordea's Web Services signature certificate and its Root CA certificates in SHA256 service (new service, link can be found from Technical change description document)

If customers validate Nordea's responses using this certificates, this certificate needs to be installed.

Possible error for customers who didn't install it correctly: error related to certificate validation. 

In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead. 

Opens new windowThis is the Root certificate of the signature certificate of Nordea Web Services server in SHA256 service. Certificate validity is 15years.

If customers validate Nordea's responses using this certificates, this certificate needs to be installed.

Possible error for customers who didn't install it correctly: error related to certificate validation. 

In case of errors especially when you have uploaded payment files, please don't send in files again, but contact Support team instead. 

Interested?

Contact Us