General

Who is develop.hangseng designed for?

Our Developer Portal is intended for any developers interested to use our APIs for any further development for further development and attain value maximization as a whole.

What kinds of APIs are available in Hang Seng Developer Portal?

Our Developer Portal includes various banking related APIs. Please register for our developer portal account to know more about the currently available APIs. If you are keen to explore and register for APIs on product information and subscription, you may visit our other portal at Hang Seng Developer Portal. In the meantime, we will continue to update and expand our API base for your innovative inputs in this current site that you are viewing. Please stay tuned.

Why do I need to register?

You can browse our API catalogue and access overviews for all of our APIs without registering and logging in. You will need to register and log in to access our sandbox facilities.

Finally, registration enables us to contact you with service updates and product developments if you are interested in receiving them.

Can multiple users from the same company be added to the same organisation in develop.hangseng?

When you register a separate organisation is created for each registered user.

I had an account on the old developer portal. Do I need to re-register for develop.hangseng?

If you would like to register for the APIs available on this portal, you are asked to register on develop.hangseng to set up a new account. This will give you immediate access to our latest documentation and you will also be able to generate new test certificates if you need them. Your current account(s) and API/APP request(s) on Hang Seng Developer will still be active and you may access it at any time. .

I haven’t received an activation email. What should I do?

Please check the spam/junk mail folder in your mailbox to see if your activation email accidentally fell into these folders. If you still don't see the activation email, you can try to reset your password from the Log on screen. If you are still experiencing issues please send us a message using the Contact us form found under the Help menu.

How can I reset my password?

Please use the forgotten password option from the Log On screen to reset your password.

Which internet browsers are recommended to use with develop.hangseng?

The portal is optimised for use in Chrome, FireFox, Edge and Safari browsers. Whilst Internet Explorer 11 is supported, there may be some lost formatting on certain images and loss of dynamic features when viewing the technical documents.

Can I register to access production APIs through develop.hangseng?

No, at present develop.hangseng provides documentation, which will guide you through the steps involved in accessing our production APIs, but the process of registering your app to consume our production APIs must be initiated by calling the relevant registration APIs directly. Please refer to our implementation documentation to help you get on-boarded as quickly as possible.

How can I get additional assistance or provide feedback?

If you need any additional assistance or have any feedback which will help us improve our services, please send us a message using the Contact us form found under the Help menu.

Is there any cost associated with the use of Hang Seng’s API?

Our APIs are currently free of charge.

What is the difference between sandbox and production access?

Our sandbox is a testing environment containing mock data with production-like format and functionality. It allows you to develop your product in a trial and error manner. After testing, if you are confirmed with interest in adopting our APIs in your business, you may then move to our production environment for further development.

Is there a glossary of terms and abbreviations?

Yes, you can view the glossary here.

Testing facilities

Do all your APIs have a sandbox?

The type and availability of the testing environments are specified in the technical documentation for each API. Where a sandbox is available you’ll find the required instructions on how to access the environment in the technical documentation.

Is the data in the sandbox real customer data?

No, all the data in our sandboxes is test data and does not contain any real Hang Seng customer or legal entity data. The sandbox data is designed to provide a representative sample of what can be expected in production to provide a valid test input for your apps.

How do I access the Open Banking Sandbox?

Once you are ready to start testing you will need to register your app in the sandbox. Our sandbox only supports test certificates issued by Hang Seng. So before completing sandbox dynamic client registration (DCR), there are a few pre-requisite steps you will need to complete to generate your test certificates and a software statement. Create a project in the sandbox, which will guide you through the process. Full details are provided in the Sandbox Access Guide for the API(s) you are interested in.

Once you’ve completed sandbox DCR, you’ll be able to view the certificates you’ve generated and the apps you’ve registered, along with their associated Client IDs, for use when calling the sandbox APIs.

Will test certificates generated on the old developer portal continue to work in the new Open Banking Sandbox?

No, the new Sandbox will only accept test certificates generated in the new developer portal. Please register on develop.hangseng and follow the instructions provided to generate new test certificates.

How do I request for sandbox access?

Please click on “Register” in the header and follow the instructions.

In the Sandbox, can I call the endpoints directly using Postman?

Yes, you can call the sandbox APIs directly, however please note that Sandbox only supports test certificates generated on develop.hangseng, so there are number of steps you need to complete within the sandbox in order to generate the certificates you need. Once you’ve generated your test certificates you can call /register (in order to register your app) and fulfilment end points directly.

In the Sandbox, are the consent authorisation journeys the same as the those provided in production?

The consent authorisation journeys in the Sandbox replicate the function of our production journeys from a third-party service provider’s (TSP) perspective in that they support scenarios where the account(s) the consent relates to is provided by the TSP or selected by the customer and an authorisation code is provided following successful authentication. However, the look and feel of the screens and the steps involved from a customer’s perspective have been standardised across all brands (and payment types for PIS journeys) for the purposes of simplification.

Are the test certificates generated by the site valid as per the ETSI standard specification?

The test certificates generated are valid X.509 certificates, meaning they’re a valid a substitute for connecting to the OB Sandbox or the MCI Test Facilities. However, production certificates issued by a Qualified Trust Service Provider or the OBIE may be slightly different in structure. The test certificates generated on this site cannot be used for any purpose other than using the testing facilities provided by Hang seng.

Where is my sandbox Client ID and Secret?

Your sandbox Client ID and Secret are displayed in “Dev Hub” project details after completing the creation of you project. Note that your Client ID and Secret are specific to you and your account which cannot be regenerated.

Partnerships

How do I ensure the authenticity of the TSPs and its services?

You may refer to our “Partnerships” page for the information of our partnering TSPs and their respective services.

Security

What are the security certificates adopted?

TLS 1.2 with X.509.

Is Open API safe?

You can rest assured that the bank will never use Open API to share your personal details or your account information without your consent. Additionally, your banking credentials including e-Banking usernames, passwords, security code, etc. will not be shared with TSP at all.

 

To find out more online security information, check out our Online Security Tips.

Making API calls

How do I call the APIs?

For information on calling APIs please refer to the technical documentation available for each API.

Why can’t I receive the response after getting the API link?

Our APIs are secured with Client ID and Secret that is specific to you. Please check if you have entered it before retrieving our API data. In addition, your sandbox and production access hold a different set of Client ID and Secret. You will be able to find your credentials after logon to your developer portal account in “My Profile”.

Are there any usage limits?

Your API usage is limited to 2 calls per second in the sandbox environment and 1 call per second in the production environment. Such arrangement considers your practice of performance test in the sandbox environment.

What is the consequence of exceeding the usage limits?

An error message of “too many requests” will be displayed.

Why did I get HTTP401 and HTTP403 error?

An HTTP401 error means that your Client ID or Secret is missing. You may find your credentials in “My Profile” after logon. An HTTP403 error means that the Client ID or Secret is incorrect. Please refer to “My Profile” and double check the details.

Others

What should I do if I cannot find the answer here?

Leave us a message at api@hangseng.com and we will get back to you.

What should I do if I forget my password?

Go to the “Logon” page and click on “Forgot your password?” Follow the instruction and you may reset your password.

Is there any downtime for the service?

Notifications on any downtime or scheduled maintenance will be shown on the Developer Portal home page.