Security
The Commerzbank APIs can only be accessed by using encrypted transmission with HTTPS. For the authorization of APIs which provide personal data, the security standard OAuth 2.0 with different authentication methods is used. Additionally, a client certificate secures the access to live data, which can be signed using a Certificate Signing Request, after a personal contract was established. For more information about the Certificate Signing Request, please visit the Quickstart guide. Further information regarding authorization methods you will find under Authenticate APIs.
To do this, please send us a Certificate Signing Request (CSR). Instructions can be found in our Quickstart guide.
You generally need the client certificate to call all API and OAuth endpoints of Commerzbank – keyword: Mutual TLS. For example, in Postman, you can configure this as Working with certificates | Postman Learning Center.
More information on authentication and endpoints for live usage of our APIs is provided in the respective API documentation page. To access it, go to the API Catalog and select the specific API with live instance and navigate to the documentation tab. To obtain a client certificate necessary for live usage of APIs, please follow the instructions in the Quickstart guide to prepare a CSR file to be send to us.
The credentials for the sandbox are as follows:
- Username: 1234567890
- Password: 12345
Is this information helpful?
Haven't found the right solution? Then we will be happy to help you personally.