Sandbox and Production

Triodos provides two publicly accessable OpenBanking API environments

Sandbox

The Sandbox environment is made available to facilitate building of applications that use our Open Banking APIs in a safe environment that is not connected to production data or customer accounts.

The URI for the sandbox environment is:

https://xs2a-sandbox.triodos.com

We recommend that you use this environment to build and test your applications. It is functionally identical to the Production environment with the exception that Mutual TLSMutual TLS - Mutual TLS authentication refers to two parties authenticating each other through verifying the provided digital certificate so that both parties are assured of the others' identity. is not implemented in this environment and an eIDASeIDAS - A set of standards for electronic identification and trust services for electronic transactions in the European Single Market. QSEALCQSEALC - A qualified Electronic Seal Certificate is a qualified digital certificate under the trust services defined in the eIDAS Regulation. A QSEAL certificate makes it possible for the owner of the certificate to create electronic seals on any data. The digital signature technology guarantees the integrity and authenticity of the signed/sealed data. certificate is not required to sign requests.

Refer to Registration for more details how to get started in the Sandbox environment.
The Sandbox data is cleared regularly. After a refresh of the database you will need to re-register.
The next Sandbox refreshes are planned for:

  • 20 June 2022
  • 19 September 2022
  • 19 December 2022

You can verify that the Sandbox environment is available with this URL which displays the internal version of software that is deployed
https://xs2a-sandbox.triodos.com/xs2a-bg/version

OpenAPI 3.0 (Swagger) specifications for this environment are available at:
https://xs2a-sandbox.triodos.com/xs2a-bg/openapi.json
https://xs2a-sandbox.triodos.com/auth/openapi.json

Production

The Production environment should be used when your application is running in your production environment and you are in possession of valid eIDASeIDAS - A set of standards for electronic identification and trust services for electronic transactions in the European Single Market. QWACQWAC - A qualified website authentication certificate (QWAC) is a qualified digital certificate under the trust services defined in the eIDAS Regulation. A QWAC makes it possible to establish a TLS channel with the owner of the certificate, which guarantees confidentiality, integrity and authenticity of all data transferred through the channel. and QSEALCQSEALC - A qualified Electronic Seal Certificate is a qualified digital certificate under the trust services defined in the eIDAS Regulation. A QSEAL certificate makes it possible for the owner of the certificate to create electronic seals on any data. The digital signature technology guarantees the integrity and authenticity of the signed/sealed data. certificates.

The Mutual TLS URI for the production environment is:

https://api-ma.triodos.com

Client initiated authorisations (e.g. from the user's browser) should be initiated from the non-Mutual TLS URI to prevent that the user will be prompted to provide a client certificate:

https://api.triodos.com

You can verify that the Production environment is available with this URL which displays the internal version of software that is deployed

https://api.triodos.com/xs2a-bg/version

OpenAPI 3.0 (Swagger) specifications for this environment are available at:
https://api.triodos.com/xs2a-bg/openapi.json
https://api.triodos.com/auth/openapi.json

To ensure availability of our services, we do not allow an organisation to run too many requests in parallel. In this case statuscode 429 is returned with the message: TooManyRequests.

Key Performance Indicators

Key performance indicators for our Open Banking Channel (Xs2a) and other online channels are available here