Menu Close
Developer Portal Currently viewing the Sandbox environment

Getting Started

New host for developer portal and authorization endpoint:

  • It is now possible to use the following host https://web.xs2a-sandbox.bngbank.nl to reach the developer portal and to redirect the user for authorization;
  • This new address no longer prompts the user to select a client certificate;
  • For the API itself keep using https://api.xs2a-sandbox.bngbank.nl as usual;
  • The developer portal can still be reached using the https://api.xs2a-sandbox.bngbank.nl as well as for redirecting the user for authorization to prevent a breaking change;
  • Note that when using https://api.xs2a-sandbox.bngbank.nl the user could still be prompted for a client certificate. The user can of course dismiss this prompt as usual. As it will neither be used in the developer portal nor during authorization;
  • The OAuth metadata configuration has been changed to use this new host for the authorization_endpoint and the service_documentation.

Welcome to the BNG Bank Developer Portal. This website contains information about the XS2A (Access to accounts) Interface.

XS2A Interface is part of the PSD2 (Payment Service Directive) initiative of the Berlin Group, a European standards initiative to enhance interoperability and harmonisation between financial service providers. For more information about the Berlin Group, please visit https://www.berlin-group.org/ (opens in new window)

Sandbox

You are currently viewing the Sandbox version of the BNG Bank Developer Portal. The main difference between Sandbox and Production is the data that is returned by the APIs. In Sandbox test data is returned while in Production live data is returned.

The Sandbox environment enables you to develop and test your application.

  • Sandbox mimics all interactions with BNG Bank just as we have in production.
  • Sandbox allows you to fully test the OAuth2.0 process without needing a real BNG Bank user account.
  • Sandbox APIs describe how to trigger specific functional or error responses.

Certificates

To communicate with the PSD2 APIs, certificates are required. A TLS certificate for the connection (including all intermediate certificates for chain validation) and a signing certificate to sign requests.

For Sandbox development, eIDAS certificates can be used or specific sandbox certificates, which can be found here.