Menu Close
Developer Portal Currently viewing the Sandbox environment

Getting Started

It is now also possible to use the following host https://web.xs2a-sandbox.bngbank.nl to reach the developer portal and to redirect the user for authorization.
This new address no longer prompts the user to select a client certificate.
For the API itself keep using the https://api.xs2a-sandbox.bngbank.nl as usual.
Note that the developer portal can still be reached using the https://api.xs2a-sandbox.bngbank.nl as well as for redirecting the user for authorization to prevent a breaking change. The https://api.xs2a-sandbox.bngbank.nl could still prompt the user for a client certificate if the user has more than 1 client certificate installed locally. The user can ofcourse dismiss this prompt as usual. As it will not be used in the developer portal as during authorization.

Welcome to the BNG Bank Developer Portal. This website contains information about the XS2A (Access to accounts) Interface.

XS2A Interface is part of the PSD2 (Payment Service Directive) initiative of the Berlin Group, a European standards initiative to enhance interoperability and harmonisation between financial service providers. For more information about the Berlin Group, please visit https://www.berlin-group.org/ (opens in new window)

Sandbox

You are currently viewing the Sandbox version of the BNG Bank Developer Portal. The main difference between Sandbox and Production is the data that is returned by the APIs. In Sandbox test data is returned while in Production live data is returned.

The Sandbox environment enables you to develop and test your application.

  • Sandbox mimics all interactions with BNG Bank just as we have in production.
  • Sandbox allows you to fully test the OAuth2.0 process without needing a real BNG Bank user account.
  • Sandbox APIs describe how to trigger specific functional or error responses.

Postman

There is a Postman collection to help with integrating with the sandbox API.

The collection contains sample requests for establishing an account information consent, retrieving an access token, retrieving account information and initiating a bulk payment. Note that the redirect URL for obtaining an authorization code is generated in the console of Postman when establishing an account information consent or bulk payment. When following the redirect and confirming the action with the testuser, the redirect will take you back to a page that will show an error but will contain the authorization code that can be pasted in the request Get Access Token body 'code' field to retrieve the access token using Postman. The access token can than be pasted in collection variable 'accessToken' and the followup requests can than be executed.

Download the Postman collection here.

Certificates

To communicate with the PSD2 APIs, certificates are required. A TLS certificate for the connection (including all intermediate certificates for chain validation) and a signing certificate to sign requests.

For Sandbox development, eIDAS certificates can be used or specific sandbox certificates, which can be found here.