Our APIs use the industry-standard protocol OAuth2.0 for secure authentication and authorisation.

Initiate payments and access account information securely and easily, through the OAuth2.0 framework. OAuth2.0 has been designed to provide client developer simplicity while having secure authorisation flows to web applications, desktop applications and mobile devices. Anyone can register and obtain a Client ID and a Client Secret in the Sandbox environment which will allow them to be authorised and call APIs. Access to the production environment will require the use of eIDAS certificates for the identification of authorised Third Party Providers.

Most Useful Features


An Authentication API call needs to be initiated before other API calls are made.


Register your application to obtain a Client ID and a Client Secret, which will allow you to authenticate your application.


An access token will be provided to you upon successful authentication, allowing you to test your application on the sandbox environment, or access live data in the case of the production environment.

Ready to begin?

Developer Console

All the API documents are just a click away. Find what you are looking for and start developing.

Authentication Inner Banner

Knowledge Base

Quick help! Find below the answers to the questions we get asked more often.

Yes, all bank customers have the option to cancel their consent through our internet banking channel.

Our APIs have been implemented based on the OAuth 2.0 industry-standard protocol to guarantee secure and authenticated transmission of data. Moreover, we perform API penetration tests regularly to ensure APIs security. Finally, only data that is approved by customer is accessible from the APIs.

Once you register your application on our API banking platform, the Client ID as well as the Client Secret are generated. Your Client ID is available under "My apps" section however, the Client Secret is stored encrypted, therefore we cannot retrieve it for you. In case you forget the Client Secret you may regenerate it.

Yes, access tokens have an expiration. If the token is expired, a relevant error message will be returned through a 400 error response. You will then need to request a new access token.

The “Client Credential” and “Authorization Code” grant types are supported.


Need to get in touch?