Sandbox and Production

Triodos provides two publicly accessable OpenBanking API environments

Sandbox

The Sandbox environment is made available to facilitate building of applications that use our Open Banking APIs in a safe environment that is not connected to production data or customer accounts.

The URI for the sandbox environment is:

https://xs2a-sandbox.triodos.com

We recommend that you use this environment to build and test your applications. It is functionally identical to the Production environment with the exception that Mutual TLS is not implemented in this environment and an eIDAS QSEALC certificate is not required to sign requests.

Refer to Registration for more details how to get started in the Sandbox environment.
The Sandbox data is cleared regularly. After a refresh of the database you will need to re-register.
The next Sandbox refresh is planned for:

  • 16 December 2024
  • 17 March 2025
  • 23 June 2025

You can verify that the Sandbox environment is available with this URL which displays the internal version of software that is deployed
https://xs2a-sandbox.triodos.com/xs2a-bg/version

OpenAPI 3.0 (Swagger) specifications for this environment are available at:
https://xs2a-sandbox.triodos.com/xs2a-bg/openapi.json
https://xs2a-sandbox.triodos.com/auth/openapi.json

Production

The Production environment should be used when your application is running in your production environment and you are in possession of valid eIDAS QWAC and QSEALC certificates.

The Mutual TLS URI for the production environment is:

https://api-ma.triodos.com

Client initiated authorisations (e.g. from the user's browser) should be initiated from the non-Mutual TLS URI to prevent that the user will be prompted to provide a client certificate:

https://api.triodos.com

You can verify that the Production environment is available with this URL which displays the internal version of software that is deployed

https://api.triodos.com/xs2a-bg/version

OpenAPI 3.0 (Swagger) specifications for this environment are available at:
https://api.triodos.com/xs2a-bg/openapi.json
https://api.triodos.com/auth/openapi.json

To ensure availability of our services, we do not allow an organisation to run too many requests in parallel. In this case statuscode 429 is returned with the message: TooManyRequests.

Key Performance Indicators

Key performance indicators for our Open Banking Channel (Xs2a) and other online channels are available here