Eika Mobilbank API integration & Open Banking data services (PSD2 / Berlin Group)

Account information mirror (AISP-style)

We document how list screens expose IBAN fragments, nickname fields, and multi-account ordering so your data warehouse can normalize them alongside PSD2 account references returned from the official developer gateway.

Concrete use: nightly balance snapshots for credit committees serving agricultural cooperatives that bank with Eika members.

Domestic and cross-border payment initiation

Field-level notes cover beneficiary name validation, KID references, currency selection, and status transitions that mirror payment initiation flows you would implement through a licensed PISP channel.

Concrete use: batch supplier runs where each payment stores an immutable external reference for ERP matching.

E-invoice and bills hub ingestion

Home-screen shortcuts to incoming e-invoices translate into structured reminders: due dates, creditor IDs, and partial payment flags suitable for accounts payable automation.

Concrete use: three-way match between procurement, goods receipt, and outgoing settlement files.

Insurance, loan, and savings aggregation

Tiles that consolidate non-account products become cross-sell analytics inputs—without scraping marketing fluff, we capture numeric exposures, next instalment dates, and policy identifiers where the UI exposes them.

Concrete use: debt-service coverage models for relationship managers covering multiple local brands.

Biometric session choreography

Recent releases emphasize device biometrics and responsive typography; we translate those flows into token refresh diagrams so your mobile SDK can degrade gracefully on older hardware.

Concrete use: step-up authentication policies aligned with BankID step-up expectations in Norwegian consumer apps.

Business mode switcher analytics

Private-to-business toggling implies distinct entitlement sets; integration specs describe how to keep consent scopes separate when a single human controls two customer numbers.

Concrete use: SaaS platforms that onboard bookkeepers managing multiple Eika alliance entities.

PSD2 account information request (illustrative)

GET /accounts/{accountId}/transactions
Host: psd2.eika.no
Authorization: Bearer <TPP_ACCESS_TOKEN>
Date: Mon, 20 Apr 2026 09:15:00 GMT
Digest: SHA-256=...
Signature: keyId="SN=QSEAL",algorithm="rsa-sha256",headers="date digest",signature="..."

Query:
bookingStatus=booked
dateFrom=2026-03-01&dateTo=2026-03-31

200 OK
{
  "transactions": {
    "booked": [
      {
        "transactionId": "txn-88421",
        "bookingDate": "2026-03-18",
        "transactionAmount": { "currency": "NOK", "amount": "-1499.00" },
        "remittanceInformationUnstructured": "REMA 1000 OSLO"
      }
    ]
  }
}

Signing headers vary by deployment; always follow the latest portal changelog—for example documentation releases through mid-2025 added richer transaction detail coverage that integration teams should diff against previous builds.

Payment initiation status webhook (pseudocode)

POST /internal/hooks/eika-payment
Content-Type: application/json
X-Signature: sha256=<HMAC>

{
  "paymentId": "pis-203948",
  "status": "ACCP",
  "debtorAccount": { "iban": "NO93.." },
  "instructedAmount": { "currency": "NOK", "amount": "25000.00" },
  "creditorName": "Supplier ASA",
  "requestedExecutionDate": "2026-04-22"
}

// Handler sketch
if (!verify_hmac(payload, secret)) return 401;
if (body.status === 'RJCT') notify_treasury(body.reasonCode);
else mark_erp_payment(body.paymentId, body.status);

Webhook endpoints should be idempotent: ERP systems often retry on timeouts, so store paymentId uniqueness keys before posting journals.

Session refresh with biometric replay protection

POST /sdk/sessions/refresh
Authorization: Bearer <DEVICE_TOKEN>
X-Device-Integrity: <PLAY_INTEGRITY_OR_APPATT_JWT>

Request:
{ "refreshToken": "rt_...", "biometricAssertion": "..." }

Responses:
200 { "accessToken": "at_...", "expiresIn": 900 }
401 { "code": "STEP_UP_REQUIRED", "methods": ["BankID"] }
429 { "retryAfter": 32 }

// Client policy
if (response.code === 'STEP_UP_REQUIRED') launch_native_bankid();

Norwegian consumers expect BankID step-up when risk engines flag new devices; bake those branches into mobile wrappers early.

SpareBank 1 Mobilbank

Holds multi-bank dashboards, insurance, and financing products for Norway’s largest cooperative banking brand. Teams comparing SpareBank 1 Mobilbank data exports with Eika Mobilbank often want unified categorization rules for SMB lending.

DNB Mobile Bank

Provides nationwide retail and corporate flows including multi-account aggregation. Integration architects reference DNB Mobile Bank field richness when designing competitive parity for cash management alerts.

Vipps

Dominates peer-to-peer and lightweight bill settlement. Pairing Vipps receipt metadata with deeper Eika current-account detail yields complete customer journeys in loyalty analytics.

Nordea Mobile Norway

Serves multinational retail clients needing Nordic and Baltic visibility. Nordea Mobile Norway projects frequently demand the same PSD2 certificate governance lessons applied to Eika’s developer portal.

Handelsbanken Norway Mobile Bank

Focuses on personalized advice and mortgage tracking for corporate-heavy clienteles. Wealth modules there inform how Eika alliance banks might structure loan insight APIs.

Sbanken

Digital-first retail bank inside the DNB group with drag-and-drop transfers and budgeting. Sbanken customers who also maintain local sparebank relationships benefit from consolidated cash-flow APIs.

Lunar

Neobank feature velocity—including subscriptions and investments—pushes incumbent apps to expose richer JSON. Lunar integrations often inspire UX benchmarks for Eika Mobilbank roadmap planning.

Storebrand mobile banking

Combines pensions, investments, and everyday banking for households optimizing long-term savings. Teams comparing Storebrand mobile banking journeys with Eika Mobilbank often unify fund trade settlement files with current-account payment evidence inside the same data lake.

Deliverables checklist

• OpenAPI drafts for account, transaction, and payment surfaces you are approved to call
• Auth and consent choreography report (tokens, MTLS, QSeal headers)
• Runnable reference collectors in Python or Node.js with configurable backoff
• Automated pytest/Jest suites covering pagination edge cases
• Compliance appendix citing PSD2, GDPR, and Norwegian marketing rules

Engagement economics

Source code delivery from $300 covers an initial milestone such as transaction history normalization or consent dashboard wiring; you settle after reviewing the repository and docs.

Pay-per-call billing suits pilots that want hosted ingestion without capital expense; each call includes metering IDs for finance teams.

Keyword-aligned outcomes

Deliverables explicitly trace to long-tail goals like Eika Mobilbank transaction export Open Banking, statement API integration for Norwegian savings banks, and multi-brand PSD2 consent orchestration so SEO landing pages match what procurement actually searches.

Compliance statement

We document interfaces under customer authorization, public developer programs, or contractually permitted channels. Where ambiguity exists, we escalate to your legal counsel before writing code.

Typical modules

• Consent capture and renewal aligned with AIS/PISP text
• Ledger synchronization with idempotent upserts
• Payment initiation status tracking and ERP hooks
• Digital card and wallet event logging
• Private versus business profile separation

About us

We are an independent technical studio specializing in authorized financial API integration, OpenData mapping, and supervised interface documentation. Engineers on the team have shipped mobile releases for Nordic banks, payment gateways, and accounting platforms, so we understand both regulator-facing paperwork and developer ergonomics.

• Mobile banking, wallet tokenization, and ERP connectors
• Protocol analysis expressed as sequence diagrams, not vague slide decks
• Custom SDKs in Python, Node.js, or Go with reproducible builds
• Full pipeline: discovery → implementation → validation → documentation
• Source code delivery from $300 with post-delivery payment upon acceptance
• Pay-per-call hosted APIs when you prefer usage-based pricing without upfront fees

Contact

Share your target app name (Eika Mobilbank), data domains, and compliance constraints; we respond with a scoped milestone plan.

Contact page

Engagement workflow

1. Joint scoping workshop covering AIS/PISP needs, ERP targets, and mobile parity expectations.
2. Supervised interface documentation sprint (typically a few business days) with daily diff reviews.
3. Implementation sprint wiring collectors, transformers, and storage policies.
4. Hardening pass: chaos tests on flaky rural networks, certificate rotation drills.
5. Documentation handover including operator checklists and GDPR records of processing.

FAQ

What do you need from us?

Can you bypass BankID?

How do you stay current?